Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync main with dev #1672

Merged
merged 19 commits into from
Nov 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
# Manage Authentication with Personal Access Tokens

Personal access tokens (PATs) provide a secure method to authenticate with the Choreo CLI, allowing you to manage access without relying on primary credentials.

## What are personal access tokens?

Personal access tokens are unique strings that provide an alternative to username and password authentication. You can create PATs for specific use cases, associating them with your account to grant granular access to your application resources as needed.

!!! note
PATs should be treated like passwords and stored securely.

## Sample use cases for personal access tokens

PATs are versatile and suitable for various tasks in the Choreo CLI:

- **Automated scripting**: To use in scripts for CI/CD pipelines or task automation, avoiding repeated sign-in prompts. This simplifies setting up CI/CD pipelines or other automation that rely on the CLI.
- **Granular permissions for specific tasks**: To limit access to certain commands or specific features without providing full access, you can configure PATs with restricted permissions.
- **Temporary access**: To grant temporary access for short-term projects or collaborations, without sharing full credentials.
- **Integration with third-party tools**: To authenticate other tools or services that need access to
your resources, such as analytics tools, monitoring systems, or deployment services. This approach keeps your main
credentials secure while allowing API access.
- **Multiple account management**: If you work with multiple accounts or roles, you can
use separate PATs for each role for easy context switching.

## Set up personal access tokens

To create a PAT to use with the Choreo CLI, you must set up and retrieve a token from the Choreo Console.

Follow these steps to create a PAT for Choreo CLI:

1. Sign in to the [Choreo Console](https://console.choreo.dev/).
2. Go to the Choreo Console header right corner, click your profile picture, and then click **Account Settings**.

![Profile](../assets/img/choreo-cli/personal-access-tokens/profile.png)

3. Click the **Personal Access Tokens** tab.

![Account settings](../assets/img/choreo-cli/personal-access-tokens/account-settings.png)

4. Click **+ Create New**.
5. Specify a name for your token and define its scopes and permissions. By default, all necessary scopes for CLI functionality are selected.

![Create a PAT](../assets/img/choreo-cli/personal-access-tokens/create-a-pat.png)

6. Click **Generate**.
7. Copy and securely store the displayed token. You won’t be able to view it again.
8. Click **Done**.

!!! info "Caution"
- Treat the token as confidential information.
- Avoid storing the token in unprotected files.

## Use a personal access token with the Choreo CLI

Once you generate a token, you can use it to authenticate with the Choreo CLI and perform various operations.

### Command syntax

To log in with the token, use the following command:

```bash
choreo login --with-token
```

This command reads the token from the standard input.

**Example:**

```bash
export CHOREO_TOKEN= <YOUR_PERSONAL_ACCESS_TOKEN>
echo "$CHOREO_TOKEN" | choreo login --with-token
```

!!! note
Replace `YOUR_PERSONAL_ACCESS_TOKEN` with your actual token.

## Manage and revoke tokens

To manage or revoke existing tokens, follow these steps:

1. Sign in to the [Choreo Console](https://console.choreo.dev/).
2. Go to the Choreo Console header right corner, click your profile picture, and then click **Account Settings**.
3. On the **Account settings** page, click the **Personal Access Tokens** tab.
4. Go to the token you want to revoke and click **Revoke**.

!!! tip
To maintain security, you must regularly review and revoke tokens that are no longer in use.

![PAT listing](../assets/img/choreo-cli/personal-access-tokens/pat-listing.png)

## Best practices for token management

- **Limit scope:** Assign only the necessary permissions to each token.
- **Rotate tokens regularly:** Replace tokens periodically to enhance security.
- **Use secure storage:**  Store tokens in a secure location, such as a secrets manager.
- **Revoke unused tokens:** Regularly audit and revoke inactive tokens.
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ To configure managed authentication, follow the steps given below:
1. In the left navigation menu, click **Deploy**.
2. In the **Set Up** card, click **Configure and Deploy**. This opens the **Configure & Deploy** pane, where you can specify values for the mount file.
3. Specify the following in the `config.js` file mount.
- You must replace `<Service URL>` with the value that you copied when creating a connection to the `Reading List Service` in [step 6.2](#step-62-create-a-connection-to-the-deployed-service).
- You must replace `<Service URL>` with the value that you copied when creating a connection to the `Reading List Service` in [step 6.2](#step-62-create-a-connection-between-the-web-application-and-the-deployed-service).

```javascript
window.configs = {
Expand Down
5 changes: 3 additions & 2 deletions en/mkdocs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ nav:
- Home: index.md
- Introduction:
- What is Choreo?: what-is-choreo.md
- Quick Start Guide:
- Quick Start Guides:
- Deploy Your First Service: quick-start-guides/deploy-your-first-service.md
- Deploy Your First Static Web Application: quick-start-guides/deploy-your-first-static-web-application.md
- Deploy a Web Application that Consumes a Backend Service: quick-start-guides/deploy-a-web-application-that-consumes-a-backend-service.md
Expand Down Expand Up @@ -215,7 +215,8 @@ nav:
- Integrate Choreo with Moesif: monitoring-and-insights/integrate-choreo-with-moesif.md
- Choreo CLI:
- Choreo CLI Overview: choreo-cli/choreo-cli-overview.md
- Get Started with the Choreo CLI: choreo-cli/get-started-with-the-choreo-cli.md
- Get Started with the Choreo CLI: choreo-cli/get-started-with-the-choreo-cli.md
- Manage Authentication with Personal Access Tokens: choreo-cli/manage-authentication-with-personal-access-tokens.md
- Administer:
- Control Access in the Choreo Console: administer/control-access-in-the-choreo-console.md
- Configure a Custom Domain for Your Organization: administer/configure-a-custom-domain-for-your-organization.md
Expand Down