Token-based authentication
Authentication tokens allow a user to enter their credentials once, then receive an alphanumeric token to use to access different services or parts of the system infrastructure. Authentication tokens are tied to the permissions granted to the user through role-based access control (RBAC), and they provide the user with the appropriate access to HTTP requests.
Authentication tokens manage access to these Puppet Enterprise (PE) services:
- Activity service
- Code Manager
- Node classifier
- PuppetDB
- Puppet orchestrator
- RBAC
You can generate authentication tokens using the PE console,
the puppet-access
command, or the RBAC API v1 Tokens endpoints. You can also generate one-off tokens that do not need
to be saved, which are typically used by a service.
In the PE console, you can view or revoke your own tokens on the Tokens tab of the My account page. Administrators can view and revoke tokens for other users on the User details page. You can also Configure RBAC and token-based authentication settings in the PE Infrastructure node group.