TL;DR we’re introducing a new type of deploy tokens that are limited to a specific organization. We’ve also added commands to list and revoke your deploy tokens.
fly auth token gives you are terrifying and it’s not fun to use them. Deploy tokens are cool, because they help make access tokens less scary by scoping the token to an app. That said, we understand there are some in-between cases where it would be useful to have a token that isn’t as powerful as a personal access token but not locked to a specific app. Lots of folks want to automate a whole org but only that org. Here are some use cases we’ve heard from users:
- CI tokens that are empowered to create/manipulate different test apps within an organization
- CI Tokens that only have access to one staging/production/testing “environment” orgs
- A token for the machine API that can be used to orchestrate machines for running user workloads within a specific org
To that end we are adding organization scoped tokens, as well as tooling to help you manage and revoke them.
$ flyctl tokens create org -h Create an API token limited to managing a single org and its resources. Tokens are valid for 20 years by default. We recommend using a shorter expiry if practical. Usage: flyctl tokens create org [flags] Flags: -x, --expiry duration The duration that the token will be valid (default 175200h0m0s) -h, --help help for org -j, --json JSON output Global Flags: -t, --access-token string Fly API Access Token --verbose Verbose output $ flyctl tokens list -h List deploy tokens Usage: flyctl tokens list [flags] Flags: -a, --app string Application name -h, --help help for list -j, --json JSON output -s, --scope string either 'app' or 'org' (default "app") Global Flags: -t, --access-token string Fly API Access Token --verbose Verbose output $ flyctl tokens revoke -h used like: 'fly tokens revoke [ids]' Usage: flyctl tokens revoke [flags] Flags: -h, --help help for revoke Global Flags: -t, --access-token string Fly API Access Token --verbose Verbose output
This is available as of flyctl