influxdb3 create token --permission
The influxdb3 create token command with the --permission option creates a new authentication token
with fine-grained access permissions for specific resources in InfluxDB 3 Enterprise.
Fine-grained access permissions allow you to specify the exact actions, such as
read and write that a token can perform on a specific resource, such as
a database or a system information endpoint.
Usage
influxdb3 create token --permission <PERMISSION> --name <NAME> [OPTIONS]Options
| Option | Description | |
|---|---|---|
--permission <PERMISSION> | Permissions in RESOURCE_TYPE:RESOURCE_NAMES:ACTIONS format–for example, db:*:read,write, system:*:read. --permission may be specified multiple times | |
--name <NAME> | Name of the token | |
-H | --host <HOST_URL> | The host URL of the running InfluxDB 3 Enterprise server [env: INFLUXDB3_HOST_URL=] [default: http://127.0.0.1:8181] |
--token <AUTH_TOKEN> | The enterprise token [env: INFLUXDB3_AUTH_TOKEN=] | |
--expiry <DURATION> | The token expiration time as a duration (for example, 1h, 7d, 1y). If not set, the token does not expire until revoked | |
--tls-ca <CA_CERT> | An optional arg to use a custom CA for testing with self-signed certs [env: INFLUXDB3_TLS_CA=] | |
--format <FORMAT> | Output format (json or text (default)) | |
-h | --help | Print help information |
--help-all | Print detailed help information |
Permission format
The --permission option takes a value in the format RESOURCE_TYPE:RESOURCE_NAMES:ACTIONS.
RESOURCE_TYPE: Available resource types include:dbfor databasessystemfor system information endpoints.
RESOURCE_NAMES: Can be a specific resource name, such as a database name, a comma-separated list of names, or*to grant access to all resources of the type.ACTIONS: A list of actions. Available actions depend on the resource type.
Examples
- Create a token with read and write access to a database
- Create a token with read-only access to a database
- Create a token with access to multiple databases
- Create a token with access to all databases
- Create a token that expires in seven days
- Create a system token for health information
- Create a token with access to all system information
- Create a token with multiple permissions
- Generate an offline permission (resource) tokens file
Create a token with read and write access to a database
influxdb3 create token \
--permission "db:my_database:read,write" \
--name "Read/write token for my_database"Create a token with read-only access to a database
influxdb3 create token \
--permission "db:my_database:read" \
--name "Read-only token for my_database"Create a token with access to multiple databases
influxdb3 create token \
--permission "db:database1,database2:read,write" \
--name "Multi-database token"Create a token with access to all databases
influxdb3 create token \
--permission "db:*:read,write" \
--name "All databases token"Create a token that expires in seven days
influxdb3 create token \
--permission "db:my_database:read,write" \
--name "Expiring token" \
--expiry 7dCreate a system token for health information
influxdb3 create token \
--permission "system:health:read" \
--name "System health token"Create a token with access to all system information
influxdb3 create token \
--permission "system:*:read" \
--name "All system information"Create a token with multiple permissions
influxdb3 create token \
--permission "db:database1:read,write" \
--permission "system:health:read" \
--name "Multi-permission token"Generate an offline permission (resource) tokens file
Generate an offline permission (resource) tokens file to use if no resource tokens exist when the server starts. Once started, you can interact with the server using the provided tokens. Offline permission tokens are designed to help with automated deployments.
Include the following options:
--name(Required)--permissions(Required)--offline(Required)--output-file(Required)--create-databases(Optional)--expiry(Optional)
influxdb3 create token \
--name TOKEN_NAME \
--permission "TOKEN_PERMISSIONS" \
--expiry DURATION \
--offline \
--create-databases DATABASE_LIST \
--output-file path/to/tokens.jsonReplace the following:
TOKEN_NAME: Name for your offline permission tokenTOKEN_PERMISSIONS: Token permissions.DURATION: Duration for the token to remain valid, in humantime format (for example,10dfor 10 days or1yfor 1 year).DATABASE_LIST: Comma-separated list of database names to create when starting the InfluxDB 3 Enterprise server using the generated tokens filepath/to/tokens.json: File path to use for the generated tokens file
If you write a new offline permission token to an existing permission token file, the command appends the new token to the existing output file.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB 3 Enterprise and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support. Customers using a trial license can email trial@influxdata.com for assistance.