Service Tokens

SUSE Observability

Overview

Using Service tokens it's possible to authenticate to SUSE Observability without having an associated a user account. This is useful for situations where you want to use SUSE Observability from headless services like a CI server. In such a scenario you typically don't want to provision a user account in your identity provider.

Manage service tokens

Service tokens can be managed via the sts CLI. The following commands are available:

> sts service-token --help
Manage service tokens.

Usage:
  sts service-token [command]

Available Commands:
  create      Create a service token
  delete      Delete a service token
  list        List service tokens

Use "sts service-token [command] --help" for more information about a command.

Create service tokens

To create a service token in your instance of SUSE Observability, you can use the sts CLI.

sts service-token create

Note that the service token will only be displayed once. It isn't possible to see the token again.

This command takes the following command line arguments:

Flag

Description

--name

The name of the service token

--expiration

The expiration date of the service token, the format is yyyy-MM-dd. The expiration is optional.

--roles

A comma separated list of roles to assign to the service token

For example, the command below will create a service token with the name my-service-token and the role stackstate-k8s-troubleshooter:

> sts service-token create --name my-service-token --roles stackstate-k8s-troubleshooter
✅ Service token created: svctok-aaaaa-bbbb-ccccc-ddddd

List service tokens

The ID, name, expiration date and roles of all created service tokens can be seen using the sts CLI. For example:

> sts service-token list
ID              | NAME             | EXPIRATION | ROLES
107484341630693 | my-service-token |            | [stackstate-k8s-troubleshooter]

Delete service tokens

A service token can be deleted using the sts CLI. Pass the ID of the service token as an argument. For example:

> sts service-token delete 107484341630693
✅ Service token deleted: 107484341630693

Authenticating using service tokens

Once created, a service token can be used to authenticate to SUSE Observability from a headless service. To do this you can either use the CLI or directly talk to the API.

SUSE Observability `sts` CLI

A service token can be used for authentication with the new sts CLI.

> sts context --name <name> --service-token <TOKEN> --url https://<tenant>.app.stackstate.io

SUSE Observability APIs

To use a service token to talk directly to the SUSE Observability API, add it to the header of the request in one of the following ways:

In the Authorization header:

> curl -X GET -H "Authorization: ApiKey <TOKEN>" http://<tenant>.app.stackstate.io/api/server/status

In the X-API-Key header:

> curl -X GET -H "X-API-Key: <TOKEN>" http://<tenant>.app.stackstate.io/api/server/status

PreviousExternal secrets NextAPI Keys

Last updated 7 months ago

Service Tokens

SUSE Observability

Overview

Manage service tokens

Service tokens can be managed via the sts CLI. The following commands are available:

> sts service-token --help
Manage service tokens.

Usage:
  sts service-token [command]

Available Commands:
  create      Create a service token
  delete      Delete a service token
  list        List service tokens

Use "sts service-token [command] --help" for more information about a command.

Create service tokens

To create a service token in your instance of SUSE Observability, you can use the sts CLI.

sts service-token create

Note that the service token will only be displayed once. It isn't possible to see the token again.

This command takes the following command line arguments:

Flag

Description

--name

The name of the service token

--expiration

The expiration date of the service token, the format is yyyy-MM-dd. The expiration is optional.

--roles

A comma separated list of roles to assign to the service token

For example, the command below will create a service token with the name my-service-token and the role stackstate-k8s-troubleshooter:

> sts service-token create --name my-service-token --roles stackstate-k8s-troubleshooter
✅ Service token created: svctok-aaaaa-bbbb-ccccc-ddddd

List service tokens

The ID, name, expiration date and roles of all created service tokens can be seen using the sts CLI. For example:

> sts service-token list
ID              | NAME             | EXPIRATION | ROLES
107484341630693 | my-service-token |            | [stackstate-k8s-troubleshooter]

Delete service tokens

A service token can be deleted using the sts CLI. Pass the ID of the service token as an argument. For example:

> sts service-token delete 107484341630693
✅ Service token deleted: 107484341630693

Authenticating using service tokens

Once created, a service token can be used to authenticate to SUSE Observability from a headless service. To do this you can either use the CLI or directly talk to the API.

SUSE Observability `sts` CLI

A service token can be used for authentication with the new sts CLI.

> sts context --name <name> --service-token <TOKEN> --url https://<tenant>.app.stackstate.io

SUSE Observability APIs

To use a service token to talk directly to the SUSE Observability API, add it to the header of the request in one of the following ways:

In the Authorization header:

> curl -X GET -H "Authorization: ApiKey <TOKEN>" http://<tenant>.app.stackstate.io/api/server/status

In the X-API-Key header:

> curl -X GET -H "X-API-Key: <TOKEN>" http://<tenant>.app.stackstate.io/api/server/status

PreviousExternal secrets NextAPI Keys

Last updated 7 months ago

Overview

Manage service tokens

Create service tokens

List service tokens

Delete service tokens

Authenticating using service tokens

SUSE Observability sts CLI

SUSE Observability APIs

Overview

Manage service tokens

Create service tokens

List service tokens

Delete service tokens

Authenticating using service tokens

SUSE Observability sts CLI

SUSE Observability APIs

SUSE Observability `sts` CLI

SUSE Observability `sts` CLI