content/chronograf/v1/tools/chronoctl/token.md
The token command reads a private token file, generates and signs the nonce,
and then returns an expiring token to be used in the Authorization header.
For example:
Authorization: CHRONOGRAF-SHA256 <returned-expiring-token>
chronoctl token [flags]
| Flag | Description | Env. Variable | |
|---|---|---|---|
-h | --help | Output command help | |
--chronograf-url | Chronograf's URL (default is http://localhost:8888) | CHRONOGRAF_URL | |
-k | --skip-verify | Skip TLS certification verification | |
--priv-key-file | Private key file location for superadmin token authentication | PRIV_KEY_FILE |
The following example uses the RSA key used when started the Chronograf server and returns an expiring token that can be used to gain superadmin access to Chronograf.
{{% note %}} The private key must correspond to the public key used when starting the Chronograf server. {{% /note %}}
chronoctl token --priv-key-file /path/to/chronograf-rsa