SSH-only token

btoews · April 11, 2024, 7:40pm

Do you want a scoped token that gives a someone SSH access to a specific app and nothing else¹? With flyctl v0.2.33, you can give them an SSH-only token:


flyctl tokens create ssh -a my-app > my-app.token.ssh

Give them the token (including the FlyV1 part) and they can run


FLY_API_TOKEN=$(cat my-app.token.ssh) flyctl ssh console -a my-app

¹ SSH tokens also have the necessary permissions to create a WireGuard peer, allowing access to the app’s WireGuard network.

btoews · April 15, 2024, 7:18pm

From General to Fresh Produce

btoews · April 15, 2024, 7:18pm

Added flyctl, security

system · April 22, 2024, 7:19pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Generate a one time deploy token wishlist	2	476	March 31, 2023
Deploy Tokens Fresh Produce	19	1989	July 18, 2024
How on earth do you generate a Fly.io auth token with current flyctl??? Questions / Help docs , flyctl	5	121	October 11, 2024
Org Scoped Tokens Fresh Produce	5	884	June 20, 2023
[Code Share] [Fly Utility Script] Fly.io "ship it" script	1	291	May 27, 2023

SSH-only token

Related topics