Service Token
Infisical service tokens allow users to programmatically interact with Infisical.
Service tokens are being deprecated in favor of machine identities.
They will be removed in the future in accordance with the deprecation notice and timeline stated here.
Service tokens are authentication credentials that services can use to access designated endpoints in the Infisical API to manage project resources like secrets. Each service token can be provisioned scoped access to select environment(s) and path(s) within them.
Service Tokens
You can manage service tokens in Access Control > Service Tokens (tab).
Service Token (Current)
Service Token (ST) is the current widely-used authentication method for managing secrets.
Here’s a few pointers to get you acquainted with it:
- When you create a ST, you get a token prefixed with
st
. The part after the last.
delimiter is a symmetric key; everything before it is an access token. When authenticating with the Infisical API, it is important to send in only the access token portion of the token. - ST supports expiration; it gets deleted automatically upon expiration.
- ST supports provisioning
read
and/orwrite
permissions broadly applied to all accessible environment(s) and path(s). - ST is not editable.
Creating a service token
To create a service token, head to Access Control > Service Tokens as shown below and press Create token.
Now input any token configuration details such as which environment(s) and path(s) you’d like to provision the token access to. Here’s some guidance for each field:
- Name: A friendly name for the token.
- Scopes: The environment(s) and path(s) the token should have access to.
- Permissions: You can indicate whether or not the token should have
read/write
access to the paths. Also, note that Infisical supports glob patterns when defining access scopes to path(s). - Expiration: The time when this token should be rendered inactive.
In the above screenshot, you can see that we are creating a token token with read
access to all subfolders at any depth
of the /common
path within the development environment of the project; the token expires in 6 months and can be used from any IP address.
For a deeper understanding of service tokens, it is recommended to read this guide.
FAQ
Was this page helpful?