Hanzo

kms service-token

Manage Hanzo KMS service tokens

This command is deprecated and will be removed in the near future. Please switch to using Machine Identities for authenticating with Hanzo KMS.

kms service-token create --scope=dev:/global --scope=dev:/backend --access-level=read --access-level=write

Description

The Hanzo KMS service-token command allows you to manage service tokens for a given Hanzo KMS project. With this command, you can create, view, and delete service tokens.

Use this command to create a service token:

$ kms service-token create --scope=dev:/backend/** --access-level=read --access-level=write

Flags

kms service-token create --scope=dev:/global --scope=dev:/backend/** --access-level=read

Use the scope flag to define which environments and paths your service token should be authorized to access.

The value of your scope flag should be in the following format: <environment slug>:<path>. Here, environment slug refers to the slug name of the environment, and path indicates the folder path where your secrets are stored.

To specify multiple scopes, use multiple --scope flags.

The path can be a glob pattern.

kms service-token create --scope=dev:/global --access-level=read --projectId=63cefb15c8d3175601cfa989

The ID of the project you'd like to create the service token for. By default, the CLI will attempt to use the linked Hanzo KMS project in the .kms.json file generated by the kms init command.

kms service-token create --scope=dev:/global --access-level=read --name service-token-name

Service token name

Default: Service token generated via CLI

kms service-token create --scope=dev:/global --access-level=read --expiry-seconds 120

Set the service token's expiration time in seconds from now. Set it to zero for a token that never expires.

Default: 1 day

kms service-token create --scope=dev:/global --access-level=read --access-level=write

The type of access the service token should have. Can be read and/or write.

kms service-token create --scope=dev:/global --access-level=read --access-level=write --token-only

When true, only the service token will be printed.

Default: false
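The flags above decide how much a leaked token is worth, so it helps to check a create command before it runs. The following is an added example, not part of the Hanzo KMS CLI or its documentation: a small pre-flight check that parses the flags shown on this page and reports malformed scopes, write access on a root-level wildcard, and tokens that never expire. The 7-day ceiling, the treatment of a root wildcard as covering the whole environment, and the `prod` slug are assumptions made for the example.

```python
import shlex

DEFAULT_EXPIRY = 86400   # the page's default: 1 day
MAX_EXPIRY = 7 * 86400   # assumed policy ceiling, not a CLI limit

def parse_flags(command):
    """Collect '--flag=value', '--flag value' and bare '--flag' forms."""
    flags, tokens, i = {}, shlex.split(command), 0
    while i < len(tokens):
        if tokens[i].startswith("--"):
            name, sep, value = tokens[i][2:].partition("=")
            if not sep:
                if i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                    i += 1
                    value = tokens[i]
                else:
                    value = "true"  # boolean flag such as --token-only
            flags.setdefault(name, []).append(value)
        i += 1
    return flags

def lint(command):
    """Return findings for one 'kms service-token create' command line."""
    flags, findings = parse_flags(command), []
    levels = set(flags.get("access-level", []))
    if levels - {"read", "write"}:
        findings.append("access level must be read and/or write")
    if "scope" not in flags:
        findings.append("no --scope given")
    for scope in flags.get("scope", []):
        env, sep, path = scope.partition(":")
        if not (env and sep and path.startswith("/")):
            findings.append(f"malformed scope {scope!r}, want <environment slug>:<path>")
        elif "*" in path and not path.strip("/*") and "write" in levels:
            # Assumption: a wildcard at the root covers the whole environment.
            findings.append(f"scope {scope!r} grants write on a whole environment")
    raw = flags.get("expiry-seconds", [str(DEFAULT_EXPIRY)])[-1]
    if not raw.isdigit():
        findings.append(f"expiry {raw!r} is not a number of seconds")
    elif int(raw) == 0:
        findings.append("expiry 0: token never expires")
    elif int(raw) > MAX_EXPIRY:
        findings.append(f"expiry {raw}s exceeds the {MAX_EXPIRY}s policy ceiling")
    return findings

# Constructed sample commands; the 'prod' slug is made up for the example.
SAMPLES = [
    "kms service-token create --scope=dev:/backend/** --access-level=read --expiry-seconds 120",
    "kms service-token create --scope=prod:/** --access-level=read --access-level=write --expiry-seconds 0",
    "kms service-token create --scope=dev/global --access-level=read",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", lint(cmd) or "ok")
```

Run in CI against the scripts that create tokens, a non-empty result can fail the job before a long-lived, broadly scoped token is ever issued.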
