Home / Keptn v1 Docs / Release 0.18.x / Operate Keptn / API Token
In this section, the management of the API token of a Keptn installation is explained.
To retrieve the API token of a running Keptn installation, execute:
kubectl get secret keptn-api-token -n keptn -ojsonpath='{.data.keptn-api-token}'
To decode the retrieved API token, use means provided by the operating system:
kubectl get secret keptn-api-token -n keptn -ojsonpath='{.data.keptn-api-token}' | base64 --decode
Please expand the corresponding section matching your CLI tool.
For the Windows PowerShell, a small script is provided that installs the PSYaml
module and sets the environment variables. Please note that the PowerShell might have to be started with Run as Administrator privileges to install the module.
Copy the following snippet and paste it in the PowerShell. The snippet will be automatically executed line by line.
$tokenEncoded = $(kubectl get secret keptn-api-token -n keptn -ojsonpath='{.data.keptn-api-token}')
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($tokenEncoded))
In the Windows Command Line, a couple of steps are necessary.
Get the Keptn API Token encoded in base64:
kubectl get secret keptn-api-token -n keptn -ojsonpath={.data.keptn-api-token}
abcdefghijkladfaea
Take the encoded API token; it is the value from the key keptn-api-token
(in this example, it is abcdefghijkladfaea
) and save it in a text file, e.g.: keptn-api-token-base64.txt
Decode the file using certutil
:
certutil -decode keptn-api-token-base64.txt keptn-api-token.txt
Open the newly created file keptn-api-token.txt
, in which you find the API token.
To create an API token, use means provided by the operating system:
To generate an API token, use the following command and store it into the environment variable KEPTN_API_TOKEN
:
KEPTN_API_TOKEN=$(tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 45)
To create an API token, execute:
kubectl create secret generic -n keptn keptn-api-token --from-literal=keptn-api-token="$KEPTN_API_TOKEN"
To generate an API token, use the following command and store it into the environment variable KEPTN_API_TOKEN
:
KEPTN_API_TOKEN=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 45)
To create an API token, execute:
kubectl create secret generic -n keptn keptn-api-token --from-literal=keptn-api-token="$KEPTN_API_TOKEN"
To generate an API token, use the following command and store it into the environment variable $Env:KEPTN_API_TOKEN
:
$Env:KEPTN_API_TOKEN = Write-Output ( -join ((0x30..0x39) + ( 0x41..0x5A) + ( 0x61..0x7A) | Get-Random -Count 45 | % {[char]$_}) )
To create an API token, execute:
kubectl create secret generic -n keptn keptn-api-token --from-literal=keptn-api-token="$Env:KEPTN_API_TOKEN"
If you want to make use of a self provided API token during the installation of Keptn, you can use the tokenSecretName
helm value.
This prevents Helm from generating a new secret on installation and instead has Helm use the secret you provided.
To reset an API token of a Keptn installation, first delete the secret:
kubectl delete secret -n keptn keptn-api-token
Create a new API token as explained above.
Restart API service since it requires the new token:
kubectl delete pods -n keptn --selector=app.kubernetes.io/name=api-service
Re-authenticate Keptn CLI as explained here.
Don’t forget to replace the API token for tools that interact with the Keptn API, e.g., Problem Notification setting in Dynatrace or WebHook in Prometheus.