Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.



The tokengen component generates admin-api tokens and stores them in the admin object storage. You run the tokengen component with the configuration flag -target=tokengen. It requires admin client object storage configuration to persist the generated token. To configure the admin client object storage configuration, refer to admin_client_config.

The tokengen component logs the generated token and optionally writes it to the path specified by the configuration flag -tokengen.token-file. It can be run multiple times, generating a new token each time. Previously generated tokens continue to be valid.

By default, tokens generated by tokengen use the built-in admin access policy. To specify an alternative access policy, use the configuration flag -tokengen.access-policy.