Personal Access Tokens
You can use Personal Access Tokens instead of OAuth to authenticate with Okteto. They're especially useful for scripting.
Important: For shared automations, like Preview Environments, it's recommended that you use Admin Access Tokens. They're created in the same way as described here, but through the Admin dashboard.
Creating a Personal Access Token
- Navigate to the Okteto Dashboard
- Click on the Settings icon on the navigation bar at the left.
- Click on the New Token button.
- Give your token a descriptive name, select the expiration, and click the Generate button.
- Copy the token to your clipboard. For security reasons, after you navigate off the page, you will not see the token again.
Treat your tokens like passwords and keep them secret. Always use tokens as environment variables instead of hardcoding them into your programs.
Token Expiration
When you create a token, you can select the expiration, the default expiration is 180 days. Once a token has expired, it can no longer be used to authenticate or for API requests. It is not possible to restore an expired token, you will need to create a new token upon expiration.
A banner will be displayed a week before your token expires to remind you of this. We recommend that you take the appropriate measures once you see this banner in order to prevent any potential disruptions.
The state and expiration date of every token will be displayed in the UI.
Using a Token on the Command Line
Once you have a token, you can use it to authenticate with the Okteto CLI instead of using your browser, as shown below:
$ okteto context use https://okteto.example.com --token $YOUR_TOKEN
Personal Access Tokens can also be used when setting the OKTETO_TOKEN
environment variable.
$ export OKTETO_TOKEN=xxxxxxx
$ okteto namespace create test-cindy
Revoking a Personal Access Token
- Sign in to your Okteto account.
- Click on the settings icon on the left tab.
- Click on the Delete button.
- Click on the Delete Token button to confirm that you want to delete your token.
Once deleted, the token is automatically revoked, and it can't be recovered.