API Token

In this section, the management of the API token of a Keptn installation is explained.

Retrieve API Token

  • To retrieve the API token of a running Keptn installation, execute:

    kubectl get secret keptn-api-token -n keptn -ojsonpath='{.data.keptn-api-token}'
    
  • To decode the retrieved API token, use means provided by the operating system:

    on Linux / macOS

    kubectl get secret keptn-api-token -n keptn -ojsonpath='{.data.keptn-api-token}' | base64 --decode
    

    on Windows

    Please expand the corresponding section matching your CLI tool.

    PowerShell

    For the Windows PowerShell, a small script is provided that installs the PSYaml module and sets the environment variables. Please note that the PowerShell might have to be started with Run as Administrator privileges to install the module.

    • Copy the following snippet and paste it in the PowerShell. The snippet will be automatically executed line by line.

      $tokenEncoded = $(kubectl get secret keptn-api-token -n keptn -ojsonpath='{.data.keptn-api-token}')
      [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($tokenEncoded))
      

    Command Line

    In the Windows Command Line, a couple of steps are necessary.

    1. Get the Keptn API Token encoded in base64:

      kubectl get secret keptn-api-token -n keptn -ojsonpath={.data.keptn-api-token}
      
      abcdefghijkladfaea
      
    2. Take the encoded API token; it is the value from the key keptn-api-token (in this example, it is abcdefghijkladfaea) and save it in a text file, e.g.: keptn-api-token-base64.txt

    3. Decode the file using certutil:

      certutil -decode keptn-api-token-base64.txt keptn-api-token.txt
      
    4. Open the newly created file keptn-api-token.txt, in which you find the API token.

Create API Token

  • To create an API token, use means provided by the operating system:

    on Linux

    • To generate an API token, use the following command and store it into the environment variable KEPTN_API_TOKEN:

      KEPTN_API_TOKEN=$(tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 45)
      
    • To create an API token, execute:

      kubectl create secret generic -n keptn keptn-api-token --from-literal=keptn-api-token="$KEPTN_API_TOKEN"
      

    on macOS

    • To generate an API token, use the following command and store it into the environment variable KEPTN_API_TOKEN:

      KEPTN_API_TOKEN=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 45)
      
    • To create an API token, execute:

      kubectl create secret generic -n keptn keptn-api-token --from-literal=keptn-api-token="$KEPTN_API_TOKEN"
      

    on Windows PowerShell

    • To generate an API token, use the following command and store it into the environment variable $Env:KEPTN_API_TOKEN:

      $Env:KEPTN_API_TOKEN =  Write-Output ( -join ((0x30..0x39) + ( 0x41..0x5A) + ( 0x61..0x7A) | Get-Random -Count 45  | % {[char]$_}) )
      
    • To create an API token, execute:

      kubectl create secret generic -n keptn keptn-api-token --from-literal=keptn-api-token="$Env:KEPTN_API_TOKEN"
      

Reset API Token

  • To reset an API token of a Keptn installation, first delete the secret:

    kubectl delete secret -n keptn keptn-api-token
    
  • Create API token as explained above.

  • Re-start API service since it requires the new token:

    kubectl delete pods -n keptn --selector=app.kubernetes.io/name=api-service
    
  • Re-authenticate Keptn CLI as explained here.

  • Don’t forget to replace the API token at tools that interact with the Keptn API, e.g., Problem Notification setting in Dynatrace or WebHook in Prometheus.