Portworx Documentation has moved to https://docs.portworx.com
Portworx Enterprise version 2.13 has reached end of life and end of extended maintenance. Refer to the release support policy doc here.
Upgrade to the latest version of Portworx Enterprise for continued support. Documentation for the latest version of Portworx Enterprise can be found here.
Upgrade to the latest version of Portworx Enterprise for continued support. Documentation for the latest version of Portworx Enterprise can be found here.
Generate tokens
With Portworx, you can use the pxctl
command-line tool to generate a token. Run the following command to access the built-in help and see the available flags:
pxctl auth token generate --help
Generate a self signed token based on a specified configuration yaml. The configuration defines your identity, roles, and groups to be used when generating a token.
e.g.
name: Jim Stevens
sub: jstevens@portworx.com/jstevens
email: jstevens@portworx.com
roles: ["system.user"]
groups: ["px-engineering", "kubernetes-csi"]
Usage:
pxctl auth token generate [flags]
Examples:
pxctl auth token generate --auth-config=<authconfig.yaml> --issuer <issuer> --ecdsa-private-keyfile <ecdsa key file> OR --rsa-private-keyfile <rsa key file> OR --shared-secret <secret>
Flags:
--auth-config string (Required) Auth account information file providing email, name, etc.
--ecdsa-private-keyfile string ECDSA Private file to sign token
-h, --help help for generate
--issuer string (Required) Issuer name of token. Do not use https:// in the issuer since it could indicate that this is an OpenID Connect issuer.
--output string Output token to file instead of standard out
--rsa-private-keyfile string RSA Private file to sign token
--shared-secret string Shared secret to sign token
--token-duration string Duration of time where the token will be valid. Postfix the duration by using s for seconds, m for minutes, h for hours, d for days, and y for years. (default "1d")
Global Flags:
--ca string path to root certificate for ssl usage
--cert string path to client certificate for ssl usage
--color output with color coding
--config string config file (default is $HOME/.pxctl.yaml)
--context string context name that overrides the current auth context
-j, --json output in json
--key string path to client key for ssl usage
--output-type string use "wide" to show more details
--raw raw CLI output for instrumentation
--ssl ssl enabled for portworx
The pxctl
command-line tool allows you to generate the tokens in the following ways:
- ECDSA
- RSA
- shared secret
For example, to generate a token with a shared secret, specify these flags:
--auth-config
with the path to the file providing account information--shared-secret
with a string representing your shared secret.--issuer
with the name of the issuer.--output
with the name of the file
As an example, the following example generates a token:
echo "name: Example User
email: user@example.com
sub: user@example.com/username
roles: [\"system.user\"]
groups: [\"*\"]" > authconfig.yaml
pxctl auth token generate --auth-config=authconfig.yaml --issuer my_issuer \
--shared-secret my_shared_secret \
--output self-signed-token.txt
Token written to output file: self-signed-token.txt
Use the cat
command to view the content of the self-signed-token.txt
file:
cat self-signed-token.txt
Last edited: Tuesday, May 16, 2023
Questions? Visit the Portworx forum.