Generate a token using puppet-access

Use the puppet-access command to generate an authentication token from the command line of any workstation (Puppet-managed or not), without the need to SSH into the primary server.

For information about modifying commands for Windows and privilege escalation, refer to Using example commands and Commands with elevated privileges.

  1. Choose one of the following options, depending on how long you need your token to last:
    • To generate a token with the default one-hour lifetime, run:
      sudo puppet-access login
    • To generate a token with a specific lifetime, run:
      sudo puppet-access login --lifetime <TIME_PERIOD>

      For example, to generate a token that lasts five hours, run:

      puppet-access login --lifetime 5h
  2. When prompted, enter the user name and password that you use to log into the PE console.

Results

The puppet-access command uses RBAC API v1 Tokens endpoints. If your login credentials are correct, the RBAC service generates a token.

The token is generated and stored in a file for later use. The default token storage location is ~/.puppetlabs/token. You can print the token at any time, for example to use it in curl commands, by running puppet-access show.

You can continue to use this token until it expires, or until your access is revoked. The token has the same permissions as the user that generated it.

If you run the login command with the --debug flag, the client outputs the token, as well as the username and password. For security reasons, exercise caution when using the --debug flag with the login command.

If a remote user generates a token, and the user is then deleted from your external directory service, the deleted user cannot log into the console. However, because the token has already been authenticated, the RBAC service does not contact the external directory service again when the token is used in the future. To fully remove the token's access, you need to manually revoke or delete the user from PE.
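
Because the stored token carries the same permissions as the user who generated it, the token file should be readable only by that user. The following is an added example, not part of the Puppet documentation or of puppet-access itself: a shell check of the token file's type, owner and mode. The function names check_token_file, file_mode and file_uid are hypothetical helpers.

```shell
#!/bin/sh
# Added example: audit the file where puppet-access stores its token.
# check_token_file, file_mode and file_uid are hypothetical helper names.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the numeric owner uid of a path.
file_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Return 0 if the token file is private to the current user, 1 otherwise.
check_token_file() {
    token=${1:-"$HOME/.puppetlabs/token"}   # default location named in the docs
    rc=0
    if [ -L "$token" ]; then
        echo "FAIL: $token is a symlink" >&2
        return 1
    fi
    if [ ! -f "$token" ]; then
        echo "FAIL: $token is missing or not a regular file" >&2
        return 1
    fi
    if [ "$(file_uid "$token")" != "$(id -u)" ]; then
        echo "FAIL: $token is not owned by uid $(id -u)" >&2
        rc=1
    fi
    mode=$(file_mode "$token")
    # Any group or other bit exposes the token to other local accounts.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $token has mode $mode, expected 600 or stricter" >&2
        rc=1
    fi
    dir_mode=$(file_mode "$(dirname "$token")")
    # A group- or world-writable directory lets others replace the file.
    if [ $(( 0$dir_mode & 022 )) -ne 0 ]; then
        echo "FAIL: token directory has mode $dir_mode (writable by others)" >&2
        rc=1
    fi
    return $rc
}
```

Call check_token_file with no argument to audit the default location, or pass a path if the token is stored elsewhere.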
