Documentation

InfluxDB Clustered

Bypass your identity provider

InfluxDB Clustered generates a valid access token (known as the admin token) for managing databases and database tokens and stores it as a secret in your InfluxDB namespace. You can use the admin token with the influxctl CLI in lieu of configuring and using an OAuth2 identity provider.

Do not use in production

This feature is for development and testing purposes only and should not be used in a production InfluxDB cluster.

Configure influxctl to use the admin token

  1. If you haven’t already, download, install, or upgrade to influxctl v2.2.0 or newer.

  2. Use kubectl to retrieve the admin token from your cluster namespace’s secret store and copy it to a file:

    kubectl get secrets/admin-token \
  --template={{.data.token}} \
  --namespace 
    INFLUXDB_NAMESPACE
     | base64 -d > token.json
    • Copy
    • Fill window

  3. Update your influxctl connection profile with a new [profile.auth.token] section.

  4. In the [profile.auth.token] section, assign the token_file setting to the location of your saved admin token file:

    [[profile]]
# ...
  [profile.auth.token]
    token_file = "/
    DIRECTORY_PATH
    /token.json"
    • Copy
    • Fill window

In the examples above, replace the following:

  • INFLUXDB_NAMESPACE: The name of your InfluxDB namespace.
  • DIRECTORY_PATH: The directory path to your admin token file, token.json.

Revoke an admin token

The admin token is a long-lived access token. The only way to revoke the token is to do the following:

  1. Delete the rsa-keys and admin-token secrets from your InfluxDB cluster’s context and namespace:

    kubectl delete secret rsa-keys admin-token --namespace 
    INFLUXDB_NAMESPACE
    • Copy
    • Fill window

  2. Rerun the key-gen and create-admin-token jobs:

    1. List the jobs in your InfluxDB namespace to find the key-gen job pod:

      # List jobs to find the key-gen job pod
kubectl get jobs --namespace 
      INFLUXDB_NAMESPACE
      • Copy
      • Fill window

    2. Delete the key-gen and create-admin-token jobs so they it will be re-created by kubit:

      kubectl delete job/
      KEY_GEN_JOB
       job/CREATE_ADMIN_TOKEN_JOB \
      --namespace 
      INFLUXDB_NAMESPACE
      • Copy
      • Fill window

  3. Restart the token-management service:

    kubectl delete pods \
  --selector app=token-management \
  --namespace 
    INFLUXDB_NAMESPACE
    • Copy
    • Fill window

In the examples above, replace the following:

  • INFLUXDB_NAMESPACE: The name of your InfluxDB namespace.
  • KEY_GEN_JOB: The name of the key-gen job pod.

To create a new admin token after revoking the existing one, rerun the create-admin-token job.

Was this page helpful?

Thank you for your feedback!

© 2025 InfluxData, Inc.

What is your InfluxDB cluster URL?

Enter your InfluxDB cluster URL and we’ll update code examples for you.

Enter cluster URL

Thank you for your feedback!

Let us know what we can do better:

Thank you!

No thanks

The future of Flux

Flux is going into maintenance mode. You can continue using it as you currently are without any changes to your code.

Read more

InfluxDB 3 Core and Enterprise are now in Beta

InfluxDB 3 Core and Enterprise are now available for beta testing, available under MIT or Apache 2 license.

InfluxDB 3 Core is a high-speed, recent-data engine that collects and processes data in real-time, while persisting it to local disk or object storage. InfluxDB 3 Enterprise is a commercial product that builds on Core’s foundation, adding high availability, read replicas, enhanced security, and data compaction for faster queries. A free tier of InfluxDB 3 Enterprise will also be available for at-home, non-commercial use for hobbyists to get the full historical time series database set of capabilities.

For more information, check out:

Ask AI