This topic describes how to configure your access tokens for Supply Chain Security Tools - Store.
The access token is a Bearer token used in the HTTP request header Authorization. For example, Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjhMV0...
Service accounts are required to have associated access tokens. Before Kubernetes 1.24, service accounts generated access tokens automatically. Since Kubernetes 1.24, a secret must be applied manually.
By default, Supply Chain Security Tools - Store includes a read-write service account that is installed with a generated access token. This service account is cluster-wide. If you want to create your own service accounts, see Create Service Accounts.
When using the insight plug-in, you must set the METADATA_STORE_ACCESS_TOKEN environment variable, or use the --access-token flag. VMware discourages using the --access-token flag as the token appears in your shell history.
The following command retrieves the access token from the default metadata-store-read-write-client service account and stores it in METADATA_STORE_ACCESS_TOKEN:
export METADATA_STORE_ACCESS_TOKEN=$(kubectl get secrets metadata-store-read-write-client -n metadata-store -o jsonpath="{.data.token}" | base64 -d)
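The command above exports an empty variable when the secret holds no token, which is what happens on Kubernetes 1.24 or later if the secret was never populated. The following is an added example, not part of the VMware documentation: it runs the same retrieval but exports the token only if it parses as a JWT, and it lets you inspect the claims without printing the token. The function names jwt_payload and load_store_token are hypothetical.

```shell
# Added example (not from the product docs). Function names are hypothetical.

# Read a JWT on stdin and print its payload claims as JSON.
# The signature is NOT verified; this is only a sanity check on the shape.
jwt_payload() (
  token=$(cat)
  # A JWT is exactly three dot-separated segments: header.payload.signature
  case "$token" in
    *.*.*.*|"") exit 1 ;;
    *.*.*) ;;
    *) exit 1 ;;
  esac
  # base64url -> base64 alphabet
  seg=$(printf '%s' "$token" | cut -d. -f2 | tr '_-' '/+')
  [ -n "$seg" ] || exit 1
  # base64url omits '=' padding; restore it to a multiple of 4
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) exit 1 ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
)

# Same retrieval as the documented command, but refuse to export an empty or
# malformed value. Defaults are the secret and namespace named on this page.
load_store_token() {
  _mds_secret=${1:-metadata-store-read-write-client}
  _mds_ns=${2:-metadata-store}
  _mds_tok=$(kubectl get secrets "$_mds_secret" -n "$_mds_ns" \
    -o jsonpath="{.data.token}" | base64 -d)
  if ! printf '%s' "$_mds_tok" | jwt_payload >/dev/null; then
    echo "no usable token in secret $_mds_ns/$_mds_secret" >&2
    unset _mds_tok
    return 1
  fi
  export METADATA_STORE_ACCESS_TOKEN="$_mds_tok"
  unset _mds_tok
}

# Usage, once the functions are sourced:
#   load_store_token && printf '%s' "$METADATA_STORE_ACCESS_TOKEN" | jwt_payload
```

The decoded claims show which service account the token belongs to, so you can confirm you loaded the intended one before using the insight plug-in.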