Create Admin Tokens
You can create admin tokens to provide tokenized account access for automated strongDM use. This guide describes setting up and using admin tokens. To create an admin token, you'll need to have admin access to the strongDM Admin UI.
Admin tokens are for administrative tasks, including:
- Collecting audit logs
- Managing users
- Managing roles
- Managing resources
- Managing gateways and relays
Admin tokens come from Settings > Admin Tokens. Click on add token and the Create Admin Token page will come up. Here you can choose which rights this admin token will have and how long the token will be valid.
Give your token a name, select the appropriate options for your admin token use case, then click Create. The token will appear in a pop-up window. Copy the token somewhere safe, as you will not be able to view the token after this point.
There are 2 methods to authenticate the CLI with an admin token.
The CLI will reference the environment variable SDM_ADMIN_TOKEN. You can set this in your shell by using
The CLI can also store the token if a login is performed with the
sdm login --admin-token='token_value_here'
Once authenticated with an admin token, you will be able to run any command granted to the token.
- User commands:
sdm admin users -h
- Role commands:
sdm admin roles -h
- Datasources & Server:
sdm admin -h
- Relay commands:
sdm admin relays -h
- Audit commands:
sdm audit -h
Rotating an admin token will generate a new secret while maintaining the name and permissions. We recommend doing so if you believe a token has been compromised or if a user with access to the token has left the your organization.
Once a token has been rotated or deleted the token will immediately lose its ability to authenticate commands from that point forward.