Manage access tokens
You can create and distribute access tokens in MSR that grant users access at specific permission levels.
Access tokens are associated with a particular user account. They take on the permissions of that account when in use, adjusting automatically to any permissions changes that are made to the associated user account.
Note
Regular MSR users can create access tokens that adopt their own account permissions, while administrators can create access tokens that adopt the account permissions of any account they choose, including the admin account.
Access tokens are useful in building CI/CD pipelines and other integrations, because you can issue a separate token for each integration and later deactivate or delete any of those tokens at any time. You can also use access tokens to generate a temporary password for a user who is locked out of their account.
Note
To monitor user login events, enable the auditAuthLogsEnabled parameter in the /settings API endpoint:
curl -k -u admin:$TOKEN -X POST "https://host:port/api/v0/meta/settings" \
-H "accept: application/json" \
-H "Content-Type: application/json" \
-d "{ \"auditAuthLogsEnabled\": true}"
Create an access token
Log in to the MSR web UI as the user whose permissions you want associated with the token.
In the left-side navigation panel, navigate to <user name> > Profile.
Select the Access Tokens tab.
Click New access token.
Add a description for the new token. You can, for example, describe the purpose of the token or illustrate a use scenario.
Click Create. The token displays temporarily. Once you click Done, you will never be able to see the token again.
Modify an access token
Although you cannot view the access token itself following its initial display, you can give it a new description, deactivate it, or delete it.
To give an access token a new description:
Select the View details link associated with the required access token.
Enter a new description in the Description field.
Click Save.
To deactivate an access token:
Select View details next to the required access token.
Slide the Is active toggle to the left.
Click Save.
To delete an access token:
Select the checkbox associated with the access token you want to delete.
Click Delete.
Type delete in the pop-up window and click OK.
Use an access token
You can use an access token anywhere you need an MSR password.
Examples:
You can pass your access token to the --password or -p option when logging in from your Docker CLI client:
docker login dtr.example.org --username <username> --password <token>
You can pass your access token to an MSR API endpoint to list the repositories to which the associated user has access:
curl --silent --insecure --user <username>:<token> dtr.example.org/api/v0/repositories
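For a CI/CD job, the two uses above can be written so the token never appears in a process argument list or in shell history. This is an added example, not part of the MSR documentation; the variable names MSR_HOST, MSR_USER and MSR_TOKEN and the function names are assumptions, as is a registry certificate that the CI runner already trusts.

```shell
#!/bin/sh
# Added example: use an MSR access token from a CI job without placing it
# on a command line. Assumed names (not from the MSR docs): MSR_HOST,
# MSR_USER, MSR_TOKEN, and every function below.

# Fail early when the CI secret store did not inject a required variable.
msr_require_env() {
    for name in MSR_HOST MSR_USER MSR_TOKEN; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing required variable: $name" >&2
            return 1
        fi
    done
}

# Emit a curl config line carrying the credentials. Backslashes and double
# quotes are escaped so the quoted value parses as a single string.
msr_curl_config() {
    msr_require_env || return 1
    escaped=$(printf '%s:%s' "$MSR_USER" "$MSR_TOKEN" | sed 's/[\\"]/\\&/g')
    printf 'user = "%s"\n' "$escaped"
}

# docker login reads the token from stdin instead of --password <token>.
msr_docker_login() {
    msr_require_env || return 1
    printf '%s' "$MSR_TOKEN" |
        docker login "$MSR_HOST" --username "$MSR_USER" --password-stdin
}

# List the repositories visible to the token's user. Credentials reach curl
# through stdin (--config -), and TLS verification stays enabled.
msr_list_repositories() {
    msr_require_env || return 1
    msr_curl_config |
        curl --silent --fail --config - "https://$MSR_HOST/api/v0/repositories"
}
```

Issue one token per pipeline so that deactivating it in the Access Tokens tab cuts off only that integration.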