Generate a token using the RBAC API

The RBAC API v1 /auth/token endpoint allows you to generate a token.

  1. Call the POST /auth/token or POST /tokens endpoint.
  2. Save the token by:
    • Copying the token to a text file.
    • Saving the token as an environment variable using: export TOKEN=<TOKEN>
Results

You can use the token until it expires, or until your access is revoked. The token has the same permissions as the user associated with it.

If a remote user generates a token, and that user is then deleted from your external directory service, the deleted user cannot log into the Puppet Enterprise (PE) console. However, because the token has already been authenticated, the RBAC service does not contact the external directory service again when the token is used in the future. To prevent the user from accessing the system through the token, you need to manually revoke or delete the user from PE.