ContextQMD
Back to Infisical

infisical service-token

docs/cli/commands/service-token.mdx

0.159.252.8 KB
Original Source
<Warning> This command is deprecated and will be removed in the near future. Please switch to using [Machine Identities](/documentation/platform/identities/machine-identities) for authenticating with Infisical. </Warning>
bash
infisical service-token create --scope=dev:/global --scope=dev:/backend --access-level=read --access-level=write

Description

The Infisical service-token command allows you to manage service tokens for a given Infisical project. With this command, you can create, view, and delete service tokens.

<Accordion title="service-token create" defaultOpen="true"> Use this command to create a service token
bash
$ infisical service-token create --scope=dev:/backend/** --access-level=read --access-level=write

Flags

<Accordion title="--scope"> ```bash infisical service-token create --scope=dev:/global --scope=dev:/backend/** --access-level=read ``` 
Use the scope flag to define which environments and paths your service token should be authorized to access.

The value of your scope flag should be in the following `<environment slug>:<path>`.
Here, `environment slug` refers to the slug name of the environment, and `path` indicates the folder path where your secrets are stored.

For specifying multiple scopes, you can use multiple --scope flags.

<Info>
  The `path` can be a Glob pattern
</Info>
</Accordion> <Accordion title="--projectId"> ```bash infisical service-token create --scope=dev:/global --access-level=read --projectId=63cefb15c8d3175601cfa989 ``` 
The project ID you'd like to create the service token for.
By default, the CLI will attempt to use the linked Infisical project in `.infisical.json` generated by `infisical init` command.
</Accordion> <Accordion title="--name"> ```bash infisical service-token create --scope=dev:/global --access-level=read --name service-token-name ``` 
Service token name

Default: `Service token generated via CLI`
</Accordion> <Accordion title="--expiry-seconds"> ```bash infisical service-token create --scope=dev:/global --access-level=read --expiry-seconds 120 ``` 
Set the service token's expiration time in seconds from now. To never expire set to zero.

Default: `1 day`
</Accordion> <Accordion title="--access-level"> ```bash infisical service-token create --scope=dev:/global --access-level=read --access-level=write ``` 
The type of access the service token should have. Can be `read` and or `write`
</Accordion> <Accordion title="--token-only"> ```bash infisical service-token create --scope=dev:/global --access-level=read --access-level=write --token-only ``` 
When true, only the service token will be printed

Default: `false`
</Accordion> </Accordion>