SSH-only token

Do you want a scoped token that gives a someone SSH access to a specific app and nothing else1? With flyctl v0.2.33, you can give them an SSH-only token:

flyctl tokens create ssh -a my-app > my-app.token.ssh

Give them the token (including the FlyV1 part) and they can run

FLY_API_TOKEN=$(cat my-app.token.ssh) flyctl ssh console -a my-app

1 SSH tokens also have the necessary permissions to create a WireGuard peer, allowing access to the app’s WireGuard network.


From General to Fresh Produce

Added flyctl, security

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.