Documentation

Bypass your identity provider

InfluxDB Clustered generates a valid access token (known as the admin token) for managing databases and database tokens and stores it as a secret in your InfluxDB namespace. You can use the admin token with the influxctl CLI in lieu of configuring and using an OAuth2 identity provider.

Do not use in production

This feature is for development and testing purposes only and should not be used in a production InfluxDB cluster.

Configure influxctl to use the admin token

  1. If you haven’t already, download, install, or upgrade to influxctl v2.2.0 or newer.

  2. Use kubectl to retrieve the admin token from your cluster namespace’s secret store and copy it to a file:

    kubectl get secrets/admin-token \
      --template={{.data.token}} \
      --namespace 
    INFLUXDB_NAMESPACE
    | base64 -d > token.json
  3. Update your influxctl connection profile with a new [profile.auth.token] section.

  4. In the [profile.auth.token] section, assign the token_file setting to the location of your saved admin token file:

    [[profile]]
    # ...
      [profile.auth.token]
        token_file = "/
    DIRECTORY_PATH
    /token.json"

In the examples above, replace the following:

  • INFLUXDB_NAMESPACE: The name of your InfluxDB namespace.
  • DIRECTORY_PATH: The directory path to your admin token file, token.json.

Revoke an admin token

The admin token is a long-lived access token. The only way to revoke the token is to do the following:

  1. Delete the rsa-keys and admin-token secrets from your InfluxDB cluster’s context and namespace:

    kubectl delete secret rsa-keys admin-token --namespace 
    INFLUXDB_NAMESPACE
  2. Rerun the key-gen and create-admin-token jobs:

    1. List the jobs in your InfluxDB namespace to find the key-gen job pod:

      # List jobs to find the key-gen job pod
      kubectl get jobs --namespace 
      INFLUXDB_NAMESPACE
    2. Delete the key-gen and create-admin-token jobs so they it will be re-created by kubit:

      kubectl delete job/
      KEY_GEN_JOB
      job/CREATE_ADMIN_TOKEN_JOB \
      --namespace
      INFLUXDB_NAMESPACE
  3. Restart the token-management service:

    kubectl delete pods \
      --selector app=token-management \
      --namespace 
    INFLUXDB_NAMESPACE

In the examples above, replace the following:

  • INFLUXDB_NAMESPACE: The name of your InfluxDB namespace.
  • KEY_GEN_JOB: The name of the key-gen job pod.

To create a new admin token after revoking the existing one, rerun the create-admin-token job.


Was this page helpful?

Thank you for your feedback!


New in InfluxDB 3.5

Key enhancements in InfluxDB 3.5 and the InfluxDB 3 Explorer 1.3.

See the Blog Post

InfluxDB 3.5 is now available for both Core and Enterprise, introducing custom plugin repository support, enhanced operational visibility with queryable CLI parameters and manual node management, stronger security controls, and general performance improvements.

InfluxDB 3 Explorer 1.3 brings powerful new capabilities including Dashboards (beta) for saving and organizing your favorite queries, and cache querying for instant access to Last Value and Distinct Value caches—making Explorer a more comprehensive workspace for time series monitoring and analysis.

For more information, check out:

InfluxDB Docker latest tag changing to InfluxDB 3 Core

On November 3, 2025, the latest tag for InfluxDB Docker images will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments.

If using Docker to install and run InfluxDB, the latest tag will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments. For example, if using Docker to run InfluxDB v2, replace the latest version tag with a specific version tag in your Docker pull command–for example:

docker pull influxdb:2