Documentation

influxctl token create

The influxctl token create command creates a database token with specified permissions to resources in an InfluxDB Cloud Dedicated cluster and outputs the token string.

The --read-database and --write-database flags support the * wildcard which grants read or write permissions to all databases. Enclose wildcards in single or double quotes–for example: '*' or "*".

The --expires-at flag specifies the date and time a token should expire. Provide an RFC3339 timestamp.

If you don’t specify a token expiration, the token never expires.

The --format flag lets you print the output in other formats. The json format is available for programmatic parsing by other tooling. Default: table.

Notable behaviors

  • InfluxDB might take some time–from a few seconds to a few minutes–to activate and synchronize new tokens. If a new database token doesn’t immediately work (you receive a 401 Unauthorized error) for querying or writing, wait and then try again.
  • Token strings are viewable only on token creation.

Store secure tokens in a secret store

Token strings are viewable only on token creation and aren’t stored by InfluxDB. We recommend storing database tokens in a secure secret store.

Usage

influxctl token create \
  [--read-database=<DATABASE_NAME>] \
  [--write-database=<DATABASE_NAME>] \
  [--expires-at=<RFC3339_DATE>] \
  <TOKEN_DESCRIPTION>

Arguments

ArgumentDescription
TOKEN_DESCRIPTIONDatabase token description

Flags

FlagDescription
--expires-atToken expiration date and time in RFC3339 format
--formatOutput format (table (default) or json)
--read-databaseGrant read permissions to a database (Repeatable)
--write-databaseGrant write permissions to a database (Repeatable)
-h--helpOutput command help

Examples

In the examples below, replace the following:

  • DATABASE_NAME: your InfluxDB Cloud Dedicated database name
  • DATABASE2_NAME: your second InfluxDB Cloud Dedicated database name
  • TOKEN_ID: token ID to update

Create a token with read and write access to a database

influxctl token create \
  --read-database 
DATABASE_NAME
\
--write-database
DATABASE_NAME
\
"Read/write token for
DATABASE_NAME
"

Create a token with read and write access to all databases

influxctl token create \
  --read-database "*" \
  --write-database "*" \
  "Read/write token for all databases"

Create a token with read-only access to a database

influxctl token create \
  --read-database 
DATABASE_NAME
\
"Read-only token for
DATABASE_NAME
"

Create a token with read-only access to multiple databases

influxctl token create \
  --read-database 
DATABASE_NAME
\
--read-database
DATABASE2_NAME
\
"Read-only token for
DATABASE_NAME
and
DATABASE2_NAME
"

Create a token with mixed permissions to multiple databases

influxctl token create \
  --read-database 
DATABASE_NAME
\
--read-database
DATABASE2_NAME
\
--write-database
DATABASE2_NAME
\
"Read-only on
DATABASE_NAME
, read/write on
DATABASE2_NAME
"

Create a token that expires in seven days

influxctl token create \
  --read-database 
DATABASE_NAME
\
--write-database
DATABASE_NAME
\
--expires-at $(date -d "+7 days" +"%Y-%m-%dT%H:%M:%S%z") \ "Read/write token for
DATABASE_NAME
with 7d expiration"
influxctl token create \
  --read-database 
DATABASE_NAME
\
--write-database
DATABASE_NAME
\
--expires-at $(gdate -d "+7 days" +"%Y-%m-%dT%H:%M:%S%z") \ "Read/write token for
DATABASE_NAME
with 7d expiration"

Was this page helpful?

Thank you for your feedback!


The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Read more

New in InfluxDB 3.4

Key enhancements in InfluxDB 3.4 and the InfluxDB 3 Explorer 1.2.

See the Blog Post

InfluxDB 3.4 is now available for both Core and Enterprise, which introduces offline token generation for use in automated deployments and configurable license type selection that lets you bypass the interactive license prompt. InfluxDB 3 Explorer 1.2 is also available, which includes InfluxDB cache management and other new features.

For more information, check out: