Controlplane API Tokens
The Chainloop CLI is used to interact with the Chainloop Control Plane supports two authentication methods.
User Authentication
- Meant for interactive use
- Associated with an user account
- Valid for 24 hours
They can be obtained by running the chainloop auth login
command.
API tokens
Alternatively, you can create Service Accounts (API Tokens) that
- Are meant for non-interactive use, i.e automation
- Are associated with a organization
- Have a customizable expiry time that can be manually revoked
- supports ACL for fine-grained access control (SOON)
You can operate on your organization API tokens using the chainloop organization api-token
command.
$ chainloop organization api-token -h
Manage API tokens to authenticate with the Chainloop API.
Usage:
chainloop organization api-token [command]
Aliases:
api-token, token
Available Commands:
create Create an API token
list List API tokens in this organization
revoke revoke API token
and then they can be used by the CLI by either setting CHAINLOOP_API_TOKEN
environment variable or by using the --token
flag, for example
chainloop workflow list --token <your-token>