---
title: influxctl token create
description: The influxctl token create command creates a database token with specified permissions to resources in an InfluxDB cluster.
url: https://docs.influxdata.com/influxdb3/clustered/reference/cli/influxctl/token/create/
estimated_tokens: 4264
product: InfluxDB Clustered
version: clustered
---

# influxctl token create

The `influxctl token create` command creates a database token with specified permissions to resources in an InfluxDB cluster and outputs the token string.

The `--read-database` and `--write-database` flags support the `*` wildcard which grants read or write permissions to all databases. Enclose wildcards in single or double quotes–for example: `'*'` or `"*"`.

The `--expires-at` flag specifies the date and time a token should expire. Provide an [RFC3339 timestamp](/influxdb3/clustered/reference/glossary/#rfc3339-timestamp).

If you don’t specify a token expiration, the token never expires.

The `--format` flag lets you print the output in other formats. The `json` format is available for programmatic parsing by other tooling. Default: `table`.

## Notable behaviors

-   InfluxDB might take some time–from a few seconds to a few minutes–to activate and synchronize new tokens. If a new database token doesn’t immediately work (you receive a `401 Unauthorized` error) for querying or writing, wait and then try again.
-   Token strings are viewable *only* on token creation.

#### Store secure tokens in a secret store

Token strings are viewable *only* on token creation and aren’t stored by InfluxDB. We recommend storing database tokens in a **secure secret store**.

## Usage

```bash
influxctl token create \
  [--read-database=<DATABASE_NAME>] \
  [--write-database=<DATABASE_NAME>] \
  [--expires-at=<RFC3339_DATE>] \
  <TOKEN_DESCRIPTION>
```

## Arguments

| Argument | Description |
| --- | --- |
| TOKEN_DESCRIPTION | Database token description |

## Flags

| Flag |  | Description |
| --- | --- | --- |
|  | --expires-at | Token expiration date and time in RFC3339 format |
|  | --format | Output format (table (default) or json) |
|  | --read-database | Grant read permissions to a database (Repeatable) |
|  | --write-database | Grant write permissions to a database (Repeatable) |
| -h | --help | Output command help |

*Also see [`influxctl` global flags](/influxdb3/clustered/reference/cli/influxctl/#global-flags).*

## Examples

-   [Create a token with read and write access to a database](#create-a-token-with-read-and-write-access-to-a-database)
-   [Create a token with read and write access to all databases](#create-a-token-with-read-and-write-access-to-all-databases)
-   [Create a token with read-only access to a database](#create-a-token-with-read-only-access-to-a-database)
-   [Create a token with read-only access to multiple databases](#create-a-token-with-read-only-access-to-multiple-databases)
-   [Create a token with mixed permissions to multiple databases](#create-a-token-with-mixed-permissions-on-multiple-databases)
-   [Create a token that expires in seven days](#create-a-token-that-expires-in-seven-days)

In the examples below, replace the following:

-   `DATABASE_NAME`: your InfluxDB Clustered database name
-   `DATABASE2_NAME`: your second InfluxDB Clustered database name
-   `TOKEN_ID`: token ID to update

### Create a token with read and write access to a database

```bash
influxctl token create \
  --read-database DATABASE_NAME \
  --write-database DATABASE_NAME \
  "Read/write token for DATABASE_NAME"
```

### Create a token with read and write access to all databases

```bash
influxctl token create \
  --read-database "*" \
  --write-database "*" \
  "Read/write token for all databases"
```

### Create a token with read-only access to a database

```bash
influxctl token create \
  --read-database DATABASE_NAME \
  "Read-only token for DATABASE_NAME"
```

### Create a token with read-only access to multiple databases

```bash
influxctl token create \
  --read-database DATABASE_NAME \
  --read-database DATABASE2_NAME \
  "Read-only token for DATABASE_NAME and DATABASE2_NAME"
```

### Create a token with mixed permissions to multiple databases

```bash
influxctl token create \
  --read-database DATABASE_NAME \
  --read-database DATABASE2_NAME \
  --write-database DATABASE2_NAME \
  "Read-only on DATABASE_NAME, read/write on DATABASE2_NAME"
```

### Create a token that expires in seven days

<!-- Tabbed content: Select one of the following options -->

**Linux:**

```bash
influxctl token create \
  --read-database DATABASE_NAME \
  --write-database DATABASE_NAME \
  --expires-at $(date -d "+7 days" +"%Y-%m-%dT%H:%M:%S%z") \
  "Read/write token for DATABASE_NAME with 7d expiration"
```

**macOS:**

```bash
influxctl token create \
  --read-database DATABASE_NAME \
  --write-database DATABASE_NAME \
  --expires-at $(gdate -d "+7 days" +"%Y-%m-%dT%H:%M:%S%z") \
  "Read/write token for DATABASE_NAME with 7d expiration"
```

<!-- End tabbed content -->