Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
r
Ryan
07/28/2021, 6:34 PMHas anyone seen a situation where the CLI context (API token) seems to stop working?
We have it configured in
/root/.fleet/configfleetctl$ fleetctl get labels --yaml
could not list labels: get labels received status 401 Authentication required: Authentication requiredSeems that maybe the token is expired if I log out of the web interface. Is there a way to generate one that persists? Explanation is there's an 'admin' user which has the token, but end-users are logging in with their own users. So I logged in as 'admin', generated the token, tested it (it worked) then I logged out, so I could log back in as myself.
r
Rachel Perkins
07/28/2021, 10:25 PMUpgrade Fleet to 4.x would invalidate your API token. The upgrade section talks about major changes that you might want to be aware of: https://github.com/fleetdm/fleet/releases/tag/v4.0.0 This won't happen on future updates. Let us know if you haven't recently upgraded or are still having trouble so we could figure this out!
r
Ryan
07/29/2021, 9:36 AMHi @Rachel Perkins yeah I regenerated the token from 4.x, but the same issue seems to happen, when I log out, the token seems to get invalidated.
This time I regenerated it, then rather than logging out, I went back to
/loginr
Rachel Perkins
07/29/2021, 4:10 PMAck! Yes, logging out does invalidate the token. Try using SSO if you haven't already or another work around is using
fleetctl loginr
Ryan
07/30/2021, 10:09 AMAh right, well for now I did my little "cheat" above, but since we're pushing these configs out via configuration management, it's a bit of a pain if there's no way to generate a more "permanent" token.
r
Rachel Perkins
07/30/2021, 9:16 PMYou can config the expiration but unfortunately not the invalidation on logout. Take a look at the fleet server configure docs
r
Ryan
08/31/2021, 9:48 AMok thanks!