Create Admin Tokens
You can create admin tokens to provide tokenized account access for automated strongDM use. This guide describes setting up and using admin tokens. To create an admin token, you'll need to have admin access to the strongDM Admin UI.
Admin tokens are for administrative tasks, including:
- Collecting audit logs
- Managing users
- Managing roles
- Managing resources
- Managing gateways and relays
Creating
Admin tokens come from Settings > Admin Tokens. Click on add token and the Create Admin Token page will come up. Here you can choose which rights this admin token will have and how long the token will be valid.
Give your token a name, select the appropriate options for your admin token use case, then click Create. The token will appear in a pop-up window. Copy the token somewhere safe, as you will not be able to view the token after this point.
Authenticating
There are 2 methods to authenticate the CLI with an admin token.
Environment Variable
The CLI will reference the environment variable SDM_ADMIN_TOKEN. You can set this in your shell by using export
export SDM_ADMIN_TOKEN='token_value_here'
Login
The CLI can also store the token if a login is performed with the --admin-token flag.
sdm login --admin-token='token_value_here'
General Usage
Once authenticated with an admin token, you will be able to run any command granted to the token.
- User commands:
sdm admin users -h - Role commands:
sdm admin roles -h - Datasources & Server:
sdm admin -h - Relay commands:
sdm admin relays -h - Audit commands:
sdm audit -h
Rotating
Rotating an admin token will generate a new secret while maintaining the name and permissions. We recommend doing so if you believe a token has been compromised or if a user with access to the token has left the your organization.
Revoking
Once a token has been rotated or deleted the token will immediately lose its ability to authenticate commands from that point forward.