HashiTalks 2025 Learn about unique use cases, homelab setups, and best practices at scale at our 24-hour virtual knowledge sharing event. Register
Boundary
Boundary Home

config get-token

Command: boundary config get-token

The config get-token command fetches a token stored by the Boundary CLI.

Examples

The following command gets the token stored by the Boundary CLI:

$ boundary config get-token

Example output:

at_yczA5UPS7Y_s13B5PWh7KENvtKQKgDxaEvP682FMfq5eXrpzKNTpmaHgLS2ucRexrTQ7ueMhDFY5MdFvNuzuTWzUzYgacitnSBaPo75b3XZU4Zp6wmdsXqmkPNY3U

This command can be useful in various situations. For example, developers could share a line such as the following in a shell script, such that each developer on their own machine executes the script using their own Boundary token:

$ curl --header "Authorization: Bearer $(boundary config get-token)" \
   --header "Content-Type: application/json" \
   http://127.0.0.1:9200/v1/roles/r_1234567890

This command keeps parity with the behavior of other Boundary commands; if you set the BOUNDARY_TOKEN environment variable, it overrides the value loaded from the system store. Not only does this keep parity, but it also allows examples such as the one above to work even if there is no stored token, but you specified an environment variable.

Usage

$ boundary config get-token [options] [args]

Command options

  • -account-id - Prints out the account ID associated with the token instead of the token itself, if specified. The default value is false.

  • -auth-method-id - Prints out the auth method ID associated with the token instead of the token itself, if specified. The default value is false.

  • -keyring-type (string: "") - Indicates the type of keyring to use. This value defaults to auto which uses the Windows credential manager, OSX keychain, or cross-platform password store depending on the platform. Set this value to none to disable keyring functionality. The following keyring types are available, depending on platform:

    You can also specify the keyring type using the BOUNDARY_KEYRING_TYPE environment variable.

  • -token-name (string: "") - Indicates whether the given value should be used as the name when loading the token from the system credential store. This value must correspond to a name used when authenticating. You can also specify the token name using the BOUNDARY_TOKEN_NAME environment variable.

  • -user-id - Prints out the user ID associated with the token instead of the token itself, if specified. The default value is false.

CLI options

In addition to the command specific options, there are options common to all CLI commands and subcommands:

Edit this page on GitHub