Configure puppet access
On this page:
The puppet access command allows users to generate and manage
authentication tokens from the command line of any workstation (Puppet-managed or not), without the need to SSH into the primary
server. If you want to use puppet access, ensure it is
configured correctly before using it to generate authentication tokens.
The configuration file for puppet access allows you to define default
settings so that you can generate tokens from the CLI without having to pass additional
flags.
Whether you are running puppet access on a PE-managed server or installing it on a separate work station, you need a global
configuration file and a user-specified configuration file.
Global configuration file
The global configuration file is located at:
- On *nix systems:
/etc/puppetlabs/client-tools/puppet access.conf - On Windows systems:
C:/ProgramData/PuppetLabs/client-tools/puppet access.conf
On machines managed by Puppet Enterprise (PE), the global configuration file is created for you. The configuration file is formatted in JSON. For example:
{
"service-url": "https://<CONSOLE_HOSTNAME>:4433/rbac-api",
"token-file": "~/.puppetlabs/token",
"certificate-file": "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
}service-url setting.If you're running puppet access from a workstation not managed by PE, you must create the global file and populate it with
the required configuration file settings.
User-specified configuration file
The user-specified configuration file is located at
~/.puppetlabs/client-tools/puppet access.conf for both *nix and Windows
systems.
The user-specified configuration file always takes precedence over the global
configuration file. For example, if the two files have contradictory settings for the
token-file, the user-specified setting prevails.
You must create the user-specified file and populate it with the configuration file settings. A list of configuration file settings is found in Configuration file settings for puppet access.






