Create a database token
Use the influxctl token create
command
to create a token that grants access to databases in your InfluxDB cluster.
- If you haven’t already, download and install the
influxctl
CLI. - In your terminal, run the
influxctl token create
command and provide the following:-
Token permissions (read and write)
--read-database
: Grants read permissions to the specified database. Repeatable.--write-database
: Grants write permissions to the specified database. Repeatable.
Both of these flags support the
*
wildcard which grants read or write permissions to all databases. Enclose wildcards in single or double quotes–for example:'*'
or"*"
. -
Token description
-
influxctl token create \
--read-database DATABASE_NAME \
--write-database DATABASE_NAME \
"Read/write token for DATABASE_NAME"
Replace the following:
DATABASE_NAME
: your InfluxDB Clustered database
The output is the token ID and the token string. This is the only time the token string is available in plain text.
Notable behaviors
- InfluxDB might take some time–from a few seconds to a few minutes–to activate and synchronize new tokens.
If a new database token doesn’t immediately work (you receive a
401 Unauthorized
error) for querying or writing, wait and then try again. - Token strings are viewable only on token creation.
Store secure tokens in a secret store
Token strings are viewable only on token creation and aren’t stored by InfluxDB. We recommend storing database tokens in a secure secret store. For example, see how to authenticate Telegraf using tokens in your OS secret store.
If you lose a token, delete the token from InfluxDB and create a new one.
Output format
The influxctl token create
command supports the --format json
option.
By default, the command outputs the token string.
For token details and easier programmatic access to the command output, include --format json
with your command to format the output as JSON.
Examples
- Create a token with read and write access to a database
- Create a token with read and write access to all databases
- Create a token with read-only access to a database
- Create a token with read-only access to multiple databases
- Create a token with mixed permissions to multiple databases
In the examples below, replace the following:
DATABASE_NAME
: your InfluxDB Clustered databaseDATABASE2_NAME
: your InfluxDB Clustered database
Create a token with read and write access to a database
influxctl token create \
--read-database DATABASE_NAME \
--write-database DATABASE_NAME \
"Read/write token for DATABASE_NAME"
Create a token with read and write access to all databases
influxctl token create \
--read-database "*" \
--write-database "*" \
"Read/write token for all databases"
Create a token with read-only access to a database
influxctl token create \
--read-database DATABASE_NAME \
"Read-only token for DATABASE_NAME"
Create a token with read-only access to multiple databases
influxctl token create \
--read-database DATABASE_NAME \
--read-database DATABASE2_NAME \
"Read-only token for DATABASE_NAME and DATABASE2_NAME"
Create a token with mixed permissions to multiple databases
influxctl token create \
--read-database DATABASE_NAME \
--read-database DATABASE2_NAME \
--write-database DATABASE2_NAME \
"Read-only on DATABASE_NAME, read/write on DATABASE2_NAME"
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB and this documentation. To find support, use the following resources:
Customers with an annual or support contract can contact InfluxData Support.