Bot Users and Tokens
Create Bot Users and issue long-lived JWTs for using `symflow` in programmatic contexts.
Overview
Bots are non-human Users in the Sym platform that can be issued special long-lived Tokens. Bots have a few special properties:
- They exist outside of any connected identity service
- They do not have emails
- They can be issued long-lived JWTs
With Token-wielding Bots, you can perform operations that require authentication -- e.g. `symflow` commands, or Terraform ops like `plan` and `apply` -- from within programmatic contexts where human login, short-lived Tokens, and MFA would be problematic.
Bots can be issued multiple Tokens, which can in turn be revoked without impacting their host Bots. The functionality for Bots and Tokens is separated into two overarching commands: `symflow bots` and `symflow tokens`.
Don't forget the help flag!
When in doubt, `-h` or `--help` will tell you everything you need to know.
Bot Commands
| Command | What it does | Example |
|---|---|---|
| | Creates a new Bot User with the given username. | |
| | Lists all Bot Users and their Token counts. | |
| | Deletes a Bot User with the given username and revokes all their Tokens. | |
Token Commands
| Command | What it does | Example |
|---|---|---|
| | Issues a new Token for a Bot User via wizard. See flags below for more details. | |
| | Lists all Bot Tokens, including their ID, creator, label, and expiry. | |
| | Revokes a single Token by ID. | |
Token usage details
issue
At minimum, an undecorated `issue` command will prompt for a Bot name and expiration window; a fully decorated command will create a Token without further user input. Only Bot name and expiry are required.
Get your JWT while it's hot!
A Token is displayed only once, at the moment it is first issued. Make sure you copy it or export it into an env var at time of issue -- otherwise, you will not be able to retrieve it and will need to make a new Token.
Options and flags
| Option/flag | What it does | Example values |
|---|---|---|
| | Selects the existing Bot User for whom a Token will be issued | |
| | Sets the expiration date for the Token, counting from now. Acceptable units are any one of: | |
| | An optional label that will be displayed in the | |
list
The `list` command will display all active Tokens for an organization. The Token ID displayed here is not the JWT itself, and has no value in authentication. Rather, it is used only as an argument for the `revoke` command.
Token ID User Created By Expires At Label
------------------------------------ ------ ---------------- ----------------------- ---------------------
87434498-3916-1282-948b-d630b2d1bd87 rob [email protected] 2022-11-18 09:52:44 EST One year expiry token
542897fa-a19a-494f-7b25-88a164a4df1e steve [email protected] 2021-12-03 19:59:33 EST
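An added example (not part of the Sym documentation or the symflow code base): because Bot Tokens are long-lived, a scheduled job can parse the `list` output and flag Tokens that are due for rotation, Tokens whose remaining lifetime exceeds a policy maximum, and Tokens with no label. The aligned fixed-width layout, the 30/90-day thresholds, and all sample IDs, users and emails are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of the listing above. It assumes the CLI
# aligns every cell under its dashed rule; IDs, users and emails are made up.
_W = (36, 6, 17, 23, 21)
def _row(*cells):
    return "  ".join(c.ljust(w) for c, w in zip(cells, _W)).rstrip()
SAMPLE = "\n".join([
    _row("Token ID", "User", "Created By", "Expires At", "Label"),
    _row(*("-" * w for w in _W)),
    _row("11111111-1111-4111-8111-111111111111", "ci", "alice@example.com",
         "2022-11-18 09:52:44 EST", "One year expiry token"),
    _row("22222222-2222-4222-8222-222222222222", "deploy", "bob@example.com",
         "2021-12-03 19:59:33 EST", ""),
])

def parse_token_list(text):
    """Split the fixed-width listing into dicts keyed by column header."""
    lines = [l for l in text.splitlines() if l.strip()]
    rule = next(i for i, l in enumerate(lines) if set(l) <= set("- "))
    spans = [m.span() for m in re.finditer(r"-+", lines[rule])]
    names = [lines[rule - 1][a:b].strip() for a, b in spans]
    rows = []
    for line in lines[rule + 1:]:
        cells = [line[a:b].strip() for a, b in spans]
        cells[-1] = line[spans[-1][0]:].strip()  # a long label may overrun the rule
        rows.append(dict(zip(names, cells)))
    return rows

def audit(rows, now, warn_days=30, max_days=90):
    """Return (token_id, user, status, unlabeled); thresholds are hypothetical policy values."""
    out = []
    for r in rows:
        # The zone abbreviation is dropped; `now` must be in the same local time.
        expires = datetime.strptime(r["Expires At"][:19], "%Y-%m-%d %H:%M:%S")
        left = expires - now
        if left <= timedelta(days=warn_days):
            status = "rotate-soon"
        elif left > timedelta(days=max_days):
            status = "exceeds-max"
        else:
            status = "ok"
        out.append((r["Token ID"], r["User"], status, not r["Label"]))
    return out

if __name__ == "__main__":
    for finding in audit(parse_token_list(SAMPLE), datetime(2021, 11, 20, 12, 0)):
        print(finding)
```

The Token IDs it reports are the values the `revoke` command takes, so the findings can feed a rotation runbook directly.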
Updated 23 days ago