docs-v2/content/influxdb3/enterprise/admin/tokens/resource/preconfigured.md


title: Use a preconfigured permission (resource) tokens file
description: Start {{% product-name %}} with a preconfigured "offline" permission (resource) tokens file. If no tokens already exist, InfluxDB automatically creates resource tokens specified in the provided permission (resource) tokens file.
menu:
  influxdb3_enterprise:
    parent: Resource tokens
    name: Use preconfigured resource tokens
weight: 202

Start {{% product-name %}} with a preconfigured "offline" permission (resource) tokens file. If no tokens already exist, InfluxDB automatically creates resource tokens specified in the provided permission (resource) tokens file.

Generate an offline permission (resource) tokens file

Use the influxdb3 create token command to generate an offline permission (resource) tokens file. You can also specify corresponding databases to create when starting InfluxDB. Include the following options:

{{% req type="key" %}}

  • {{% req "*" %}} --name: The name of the admin token (replace {{% code-placeholder-key %}}TOKEN_NAME{{% /code-placeholder-key %}})
  • {{% req "*" %}} --permission: The token permissions (replace {{% code-placeholder-key %}}TOKEN_PERMISSIONS{{% /code-placeholder-key %}})
  • --expiry: Duration for the token to remain valid, in humantime format, for example 10d for 10 days or 1y for 1 year (replace {{% code-placeholder-key %}}DURATION{{% /code-placeholder-key %}})
  • {{% req "*" %}} --offline
  • --create-databases: Comma-separated list of database names to create when starting the server (replace {{% code-placeholder-key %}}DATABASE_LIST{{% /code-placeholder-key %}})
  • {{% req "*" %}} --output-file: File path to use for the generated token file (replace {{% code-placeholder-key %}}path/to/tokens.json{{% /code-placeholder-key %}})

influxdb3 create token \
  --name TOKEN_NAME \
  --permission "TOKEN_PERMISSIONS" \
  --expiry DURATION \
  --offline \
  --create-databases DATABASE_LIST \
  --output-file path/to/tokens.json

[!Note]

Add multiple tokens to a permission tokens file

If you write a new offline permission token to an existing permission token file, the command appends the new token to the existing output file.

You can write or generate your own permission tokens file

The influxdb3 create token --offline command makes generating an offline permission tokens file easy, but it is not required. You can write or generate your own permission tokens file using the required JSON schema. To ensure that your tokens are secure, we recommend using a strong and randomized hashing algorithm.

[!Important]

Token file permissions

Token file permissions should be restricted to 0600 to protect the tokens.

Offline permission tokens file schema

An offline permission tokens file is a JSON-formatted file that contains a single object with the following fields:

  • create_databases: (Optional) Array of database names to create when starting the server

  • tokens: Array of token objects

    • token: The raw token string (must begin with apiv3_)
    • name: A unique token name
    • expiry_millis: (Optional) Token expiration time as a millisecond Unix timestamp
    • permissions: Array of token permission strings

{
  "create_databases": [
    "db1",
    "db2",
    "db3",
    "db4"
  ],
  "tokens": [
    {
      "token": "apiv3_0XXXX-xxxXxXxxxXX_OxxxX...",
      "name": "token-1",
      "expiry_millis": 1756400061529,
      "permissions": [
        "db:db1,db2:read,write",
        "db:db3:read"
      ]
    },
    {
      "token": "apiv3_0XXXX-xxxXxXxxxXX_OxxxX...",
      "name": "token-2",
      "expiry_millis": 1756400061529,
      "permissions": [
        "db:db4:read,write"
      ]
    }
  ]
}
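One way to write your own tokens file to the schema above, as an added example that is not code from the InfluxDB documentation or project: it draws each raw token from the operating system's CSPRNG, checks the rules the schema states (apiv3_ prefix, unique names, string permissions), and creates the file with mode 0600 from the outset. The helper names and the length and encoding of the suffix after apiv3_ are assumptions.

```python
import json
import os
import secrets
import stat
import time

TOKEN_PREFIX = "apiv3_"  # prefix the schema requires on every raw token


def new_token(name, permissions, ttl_days=None):
    """Build one token object. Suffix length/encoding is an assumption."""
    entry = {
        "token": TOKEN_PREFIX + secrets.token_urlsafe(48),  # OS CSPRNG
        "name": name,
        "permissions": list(permissions),
    }
    if ttl_days is not None:  # expiry_millis is optional in the schema
        entry["expiry_millis"] = int((time.time() + ttl_days * 86400) * 1000)
    return entry


def validate(doc):
    """Enforce only the rules the schema section states."""
    seen = set()
    for tok in doc["tokens"]:
        if not tok["token"].startswith(TOKEN_PREFIX):
            raise ValueError(f"{tok['name']}: token must begin with {TOKEN_PREFIX}")
        if tok["name"] in seen:
            raise ValueError(f"duplicate token name: {tok['name']}")
        seen.add(tok["name"])
        if not all(isinstance(p, str) for p in tok["permissions"]):
            raise ValueError(f"{tok['name']}: permissions must be strings")
    return doc


def write_tokens_file(path, doc):
    """Create the file as 0600 from the first byte; refuse to reuse a file."""
    validate(doc)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.fchmod(fd, 0o600)  # exact mode regardless of the process umask
    with os.fdopen(fd, "w") as fh:
        json.dump(doc, fh, indent=2)
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    doc = {"create_databases": ["db1", "db2"], "tokens": [  # constructed sample
        new_token("token-1", ["db:db1,db2:read,write"], ttl_days=10)]}
    print(oct(write_tokens_file("tokens.json", doc)))
```

Because the file is opened with O_EXCL, the helper fails rather than writing into an existing file whose mode may already be looser than 0600.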

Start InfluxDB with the preconfigured permission tokens

When starting {{% product-name %}}, include the --permission-tokens-file option with the influxdb3 serve command or set the INFLUXDB3_PERMISSION_TOKENS_FILE environment variable to provide the preconfigured offline permission tokens file:

{{< code-tabs-wrapper >}} {{% code-tabs %}} CLI option Environment variable {{% /code-tabs %}} {{% code-tab-content %}}

influxdb3 serve \
  --permission-tokens-file path/to/tokens.json \
  # ...

{{% /code-tab-content %}} {{% code-tab-content %}}

# Export the variable so the influxdb3 process inherits it
export INFLUXDB3_PERMISSION_TOKENS_FILE=path/to/tokens.json

influxdb3 serve \
  # ...

{{% /code-tab-content %}} {{< /code-tabs-wrapper >}}

When the server starts, you can use the preconfigured permission (resource) tokens to write data to and query data from your {{% product-name %}} instance or cluster.