I don t suppose it s possible to use the fleetctl CLI with a

Question

I don t suppose it s possible to use the fleetctl CLI with an api only user

Scott Blake · Answer

I m trying to write an automated backup solution that performs a few `fleetctl get ` commands

Noah Talerman · Answer

Hey Scott API only users do have permissions to run `fleetctl` commands API only users do not have permissions to access the Fleet UI

Scott Blake · Answer

So I m running into issues logging in with one I used the API login endpoint and grabbed the token I then do `fleetctl config set token` and it complains that I need to login

Scott Blake · Answer

I feel like I m missing a step but I m not sure where

Scott Blake · Answer

The documentation is a bit lacking in this area

Noah Talerman · Answer

gt then do `fleetctl config set token` and it complains that I need to login This is unexpected Sorry that you re experiencing this issue If you re able to can you please include the `fleetctl config` command you ran and the output in this thread withholding any tokens credentials This way the Fleet team can attempt to reproduce the issue gt The documentation is a bit lacking in this area Agreed I filed an issue to improve the docs here <https github com fleetdm fleet issues 4533>

Noah Talerman · Answer

As a current workaround you can run the `fleetctl login` command and enter the API only user s credentials when prompted Then after successful login you can run `fleetctl get` commands

Scott Blake · Answer

Thank you I m in a meeting right now but I will get that info to you when I can

Scott Blake · Answer

Okay while grabbing logs I noticed that `force password reset` is `true` I figure that s why the session is invalid I just deleted and re created my api only user and that flag is still true

Scott Blake · Answer

That was definitely it You can create a user in the API with that flag set to false but not via CLI

Scott Blake · Answer

It is now working as expected setting the token is all that is necessary to obtain a session

Noah Talerman · Answer

Glad you were successful gt I noticed that `force password reset` is `true` Ah got it This is not an ideal experience when creating an API only user via CLI because currently the only way to trigger this password reset and set `force password reset` to `false` is by logging in via the UI

Scott Blake · Answer

No it s not I would think that would default to false for api only It should also be configurable via CLI like it is via API I plan to create an issue on it when I get a minute

Scott Blake · Answer

FYI <https github com fleetdm fleet issues 4540>

Scott Blake · Answer

thanks for the help today < Noah Talerman>

Noah Talerman · Answer

Thank you for filing the issue