Keptn v1 reached EOL December 22, 2023. For more information see https://bit.ly/keptn
Home / Keptn v1 Docs / Installation / Authenticate Keptn CLI and Bridge
Authenticate Keptn CLI and Bridge
To authenticate and associate the Keptn CLI and Keptn bridge to your Keptn cluster, you need the exposed Keptn endpoint and API token. The endpoint values and the method of querying them is determined by the access options you use. See Choose access options for details.
Authenticate Keptn CLI
To authenticate the Keptn CLI against the Keptn cluster, the exposed Keptn endpoint and API token are required. After installing Keptn, you already have your Keptn endpoint.
- Set the environment variable
KEPTN_API_TOKEN:
KEPTN_API_TOKEN=$(kubectl get secret keptn-api-token -n keptn -ojsonpath={.data.keptn-api-token} | base64 --decode)
- To authenticate the CLI against the Keptn cluster, use the keptn auth command:
keptn auth --endpoint=$KEPTN_ENDPOINT --api-token=$KEPTN_API_TOKEN
Note: If you receive a warning Using a file-based storage for the key because the password-store seems to be not set up. this is because a password store could not be found in your environment. In this case, the credentials are stored in ~/.keptn/.password-store in your home directory.
Please expand the corresponding section matching your CLI tool:
For the Windows PowerShell, a small script is provided that installs the PSYaml module and sets the environment variables.
- Set the environment variable
KEPTN_ENDPOINT:
$Env:KEPTN_ENDPOINT = 'http://<ENDPOINT_OF_API_GATEWAY>/api'
- Copy the following snippet and paste it in the PowerShell. The snippet retrieves the API token and sets the environment variable
KEPTN_API_TOKEN:
$tokenEncoded = $(kubectl get secret keptn-api-token -n keptn -ojsonpath='{.data.keptn-api-token}')
$Env:KEPTN_API_TOKEN = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($tokenEncoded))
- To authenticate the CLI against the Keptn cluster, use the keptn auth command:
keptn auth --endpoint=$Env:KEPTN_ENDPOINT --api-token=$Env:KEPTN_API_TOKEN
In the Windows Command Line, a couple of steps are necessary.
- Set the environment variable
KEPTN_ENDPOINT:
set KEPTN_ENDPOINT=http://<ENDPOINT_OF_API_GATEWAY>/api
- Get the Keptn API Token encoded in base64:
kubectl get secret keptn-api-token -n keptn -ojsonpath={.data.keptn-api-token}
abcdefghijkladfaea
-
Take the encoded API token - it is the value from the key
keptn-api-token(in this example, it isabcdefghijkladfaea) and save it in a text file, e.g.,keptn-api-token-base64.txt -
Decode the file:
certutil -decode keptn-api-token-base64.txt keptn-api-token.txt
- Open the newly created file
keptn-api-token.txt, copy the value and paste it into the next command:
set KEPTN_API_TOKEN=keptn-api-token
- To authenticate the CLI against the Keptn cluster, use the keptn auth command:
keptn.exe auth --endpoint=$Env:KEPTN_ENDPOINT --api-token=$Env:KEPTN_API_TOKEN
Authenticate Keptn Bridge
After installing and exposing Keptn, you can access the Keptn Bridge by using a browser and navigating to the Keptn endpoint without the api path at the end of the URL.
You can also use the Keptn CLI to retrieve the Bridge URL using:
keptn status
The Keptn Bridge has basic authentication enabled by default and the default user is keptn with an automatically generated password.
- To get the username for authentication, execute:
kubectl get secret -n keptn bridge-credentials -o jsonpath="{.data.BASIC_AUTH_USERNAME}" | base64 --decode
- To get the password for authentication, execute:
kubectl get secret -n keptn bridge-credentials -o jsonpath="{.data.BASIC_AUTH_PASSWORD}" | base64 --decode
- If you want to change the user and password for the authentication, follow the instructions here.
