Bypass your identity provider
InfluxDB Clustered generates a valid access token (known as the admin token)
for managing databases and database tokens and stores it as a secret in your
InfluxDB namespace.
You can use the admin token with the influxctl
CLI
in lieu of configuring and using an OAuth2 identity provider.
Do not use in production
This feature is for development and testing purposes only and should not be used in a production InfluxDB cluster.
Configure influxctl to use the admin token
If you haven’t already, download, install, or upgrade to
influxctl
v2.2.0 or newer.Use
kubectl
to retrieve the admin token from your cluster namespace’s secret store and copy it to a file:kubectl get secrets/admin-token \ --template={{.data.token}} \ --namespace
INFLUXDB_NAMESPACE| base64 -d > token.jsonUpdate your
influxctl
connection profile with a new[profile.auth.token]
section.In the
[profile.auth.token]
section, assign thetoken_file
setting to the location of your saved admin token file:[[profile]] # ... [profile.auth.token] token_file = "/
DIRECTORY_PATH/token.json"
In the examples above, replace the following:
INFLUXDB_NAMESPACE
: The name of your InfluxDB namespace.DIRECTORY_PATH
: The directory path to your admin token file,token.json
.
Revoke an admin token
The admin token is a long-lived access token. The only way to revoke the token is to do the following:
Delete the
rsa-keys
secret from your InfluxDB cluster’s context and namespace:kubectl delete secrets/rsa-keys --namespace
INFLUXDB_NAMESPACERerun the
key-gen
job:List the jobs in your InfluxDB namespace to find the key-gen job pod:
# List jobs to find the key-gen job pod kubectl get jobs --namespace
INFLUXDB_NAMESPACERun the key-gen job and increment the job number as needed:
kubectl create job \ --from=job/
KEY_GEN_JOBkey-gen-001\ --namespaceINFLUXDB_NAMESPACE
Restart the
token-management
service:kubectl delete pods \ --selector app=token-management \ --namespace
INFLUXDB_NAMESPACE
In the examples above, replace the following:
INFLUXDB_NAMESPACE
: The name of your InfluxDB namespace.KEY_GEN_JOB
: The name of the key-gen job pod.001
: A unique number used to increment the key-gen job.
To create a new admin token after revoking the existing one, rerun the
create-admin-token
job.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.