API Tokens
Overview
API Tokens are used to access the Chef Automate API. They are the only way to authenticate against the Chef Automate API. Tokens can be added as members of policies in order to grant them permissions.
Permission for the iam:tokens
action is required to interact with tokens. Any user that is part of the admins
team or the Administrator
policy will have this permission. Otherwise, IAM custom policies can be created to assign this permission.
Managing API Tokens
Creating API Tokens
Navigate to API Tokens in the Settings tab. Then, use the Create Token button, which opens a dialog box for entering the API token’s name and optionally assigning the API token to one or more Policies and to one or more Projects. A token ID automatically generates upon creation. If you would like to change the token ID, select the Edit ID button.
If a policy is assigned to an API token on creation, the API token will have permissions. If no policy is selected during its creation, the API token will have no permissions. To assign permissions to the API token any time after creation, navigate to Policies in the Settings tab, locate the appropriate policy, and then add the API token as a member of the policy using a member expression.
API Token Value
After creating an API Token, you can obtain the token’s value by opening the menu at the end of the table row and selecting Copy Token.
Admin Tokens
Admin tokens are tokens that are automatically added to the Administrator policy, which grants full access to Chef Automate.
Admin tokens can only be created using the chef-automate
command line.
chef-automate iam token create <your-token-name> --admin
To create an admin token and immediately store it in an environment variable for easy access, you can instead run:
export TOKEN=`chef-automate iam token create <your-token-name> --admin`
echo $TOKEN
Once you have an Admin API token, you can use it to make requests by passing it in the api-token
header:
curl -s -H "api-token: $TOKEN" https://automate.example.com/apis/iam/v2/policies -v
Deleting API Tokens
Navigate to API Tokens in the Settings tab. Then open the menu at the end of the table row and select Delete Token.
Changing API Token Details
The API token name, projects the token belongs to, and the token’s status can be changed by navigating to API Tokens from the Settings tab, selecting an individual token and then navigating to the Details tab.