API Tokens

Overview

API Tokens are used to access the Chef Automate API. They are the only way to authenticate against the Chef Automate API. Tokens can be added as members of policies in order to grant them permissions.

Permission for the iam:tokens action is required to interact with tokens. Any user that is part of the admins team or the Administrator policy will have this permission. Otherwise, IAM custom policies can be created to assign this permission.

Managing API Tokens

Creating API Tokens

Navigate to API Tokens in the Settings tab. Then, use the Create Token button, which opens a dialog box for entering the API token’s name and optionally assigning the API token to one or more Policies and to one or more Projects. A token ID automatically generates upon creation. If you would like to change the token ID, select the Edit ID button.

If a policy is assigned to an API token on creation, the API token will have permissions. If no policy is selected during its creation, the API token will have no permissions. To assign permissions to the API token any time after creation, navigate to Policies in the Settings tab, locate the appropriate policy, and then add the API token as a member of the policy using a member expression.

API Tokens

API Token Value

After creating an API Token, you can obtain the token’s value by opening the menu at the end of the table row and selecting Copy Token.

Admin Tokens

Admin tokens are tokens that are automatically added to the Administrator policy, which grants full access to Chef Automate. Admin tokens can only be created using the chef-automate command line.

chef-automate iam token create <your-token-name> --admin

To create an admin token and immediately store it in an environment variable for easy access, you can instead run:

export TOKEN=`chef-automate iam token create <your-token-name> --admin`
echo $TOKEN

Once you have an Admin API token, you can use it to make requests by passing it in the api-token header:

curl -s -H "api-token: $TOKEN" https://automate.example.com/apis/iam/v2/policies -v

Deleting API Tokens

Navigate to API Tokens in the Settings tab. Then open the menu at the end of the table row and select Delete Token.

Changing API Token Details

The API token name, projects the token belongs to, and the token’s status can be changed by navigating to API Tokens from the Settings tab, selecting an individual token and then navigating to the Details tab.