Application Token

`sfp server application-token`

Manage application tokens for programmatic access to the SFP server

Commands

sfp server application-token create - Create a new application token
sfp server application-token list - List all application tokens
sfp server application-token revoke - Revoke an application token

`sfp server application-token create`

Create a new application token for CI/CD and automation use.

USAGE
  $ sfp server application-token create -n <value> [--json] [-x <value>] [--sfp-server-url
    <value>] [-e <value>] [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -n, --name=<value>                (required) Name of the token
  -x, --expires-in=<value>          [default: 30] Token expiration time in days
  -e, --email=<value>               Email address for the authenticated CLI user
  --sfp-server-url=<value>          URL of the SFP server
  --json                            Format output as json
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs
  --loglevel=<option>               [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

DESCRIPTION
  Create a new application token

  Application tokens are used for:
  - CI/CD pipeline authentication
  - Automated scripts and tools
  - Service-to-service communication
  - Non-interactive authentication scenarios

EXAMPLES
  $ sfp server application-token create --name "CI Token" --expires-in 30

  $ sfp server application-token create --name "GitHub Actions" --expires-in 90 --email [email protected]

  $ sfp server application-token create --name "Jenkins Build" --expires-in 7

  $ sfp server application-token create --name "Production Deploy" --expires-in 365 --json

Token Creation Process

Create the token:

sfp server application-token create --name "GitHub Actions" --expires-in 90

Save the token securely:

Application token created successfully!

Token: sfp_app_1234567890abcdef...
Name: GitHub Actions
Expires: 2024-04-15T10:30:00Z

⚠️  Save this token securely. It cannot be retrieved again.

Use in CI/CD:

# GitHub Actions example
env:
  SFP_APPLICATION_TOKEN: ${{ secrets.SFP_TOKEN }}

`sfp server application-token list`

List all application tokens associated with your account.

USAGE
  $ sfp server application-token list [--json] [--sfp-server-url <value>] [-e <value>]
    [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -e, --email=<value>               Email address for the authenticated CLI user
  --sfp-server-url=<value>          URL of the SFP server
  --json                            Format output as json
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs
  --loglevel=<option>               [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

DESCRIPTION
  List all application tokens

  Shows:
  - Token name
  - Creation date
  - Expiration date
  - Status (active/expired)
  - Last used date

EXAMPLES
  $ sfp server application-token list

  $ sfp server application-token list --json

  $ sfp server application-token list --email [email protected]

Output example:

Application Tokens:

  CI Token
    ID: tok_abc123
    Created: 2024-01-01T10:00:00Z
    Expires: 2024-01-31T10:00:00Z
    Status: Active
    Last Used: 2024-01-15T14:30:00Z

  GitHub Actions
    ID: tok_def456
    Created: 2023-12-01T09:00:00Z
    Expires: 2024-03-01T09:00:00Z
    Status: Active
    Last Used: 2024-01-15T16:45:00Z

  Jenkins Build (Expired)
    ID: tok_ghi789
    Created: 2023-11-01T08:00:00Z
    Expired: 2023-11-08T08:00:00Z
    Status: Expired

`sfp server application-token revoke`

Revoke an existing application token.

USAGE
  $ sfp server application-token revoke -i <value> [--json] [--sfp-server-url <value>]
    [-e <value>] [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -i, --id=<value>                  (required) ID of the token to revoke
  -e, --email=<value>               Email address for the authenticated CLI user
  --sfp-server-url=<value>          URL of the SFP server
  --json                            Format output as json
  -g, --logsgroupsymbol=<value>...  Symbol used by CICD platform to group/collapse logs
  --loglevel=<option>               [default: info] logging level for this command invocation
                                    <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

DESCRIPTION
  Revoke an application token

  Once revoked, the token cannot be used for authentication.
  This action is immediate and cannot be undone.

EXAMPLES
  $ sfp server application-token revoke --id tok_abc123

  $ sfp server application-token revoke --id tok_def456 --json

  $ sfp server application-token revoke --id tok_ghi789 --email [email protected]

Use Cases

CI/CD Pipeline Integration

GitHub Actions:

name: Deploy to Production
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Deploy using SFP
        env:
          SFP_APPLICATION_TOKEN: ${{ secrets.SFP_APP_TOKEN }}
          SFP_SERVER_URL: https://sfp.example.com
        run: |
          sfp release --environment production

Jenkins:

pipeline {
    agent any
    environment {
        SFP_APPLICATION_TOKEN = credentials('sfp-app-token')
        SFP_SERVER_URL = 'https://sfp.example.com'
    }
    stages {
        stage('Deploy') {
            steps {
                sh 'sfp release --environment staging'
            }
        }
    }
}

Automated Scripts

#!/bin/bash
# automated-deployment.sh

export SFP_APPLICATION_TOKEN="sfp_app_1234567890abcdef..."
export SFP_SERVER_URL="https://sfp.example.com"

# Run deployment
sfp build --branch main
sfp publish
sfp release --environment production

Security Best Practices

Token Rotation:
- Regularly rotate tokens (every 30-90 days)
- Use shorter expiration for high-privilege tokens
Secure Storage:
- Store tokens in secure vaults (HashiCorp Vault, AWS Secrets Manager)
- Never commit tokens to version control
- Use environment variables or secret management systems
Principle of Least Privilege:
- Create separate tokens for different purposes
- Limit token scope when possible
Monitoring:
- Regularly review token usage with list command
- Revoke unused tokens promptly
- Monitor for suspicious activity

Token Management Workflow

# 1. Create token for CI/CD
sfp server application-token create --name "Production CI" --expires-in 90

# 2. List and monitor tokens
sfp server application-token list

# 3. Revoke when no longer needed
sfp server application-token revoke --id tok_abc123

Security Warning: Application tokens have the same permissions as the user who created them. Treat them as passwords and protect accordingly.

Note: Tokens are automatically revoked upon expiration. Set appropriate expiration times based on your security requirements.

Last updated 4 months ago

Good morning

sfp server application-token