Managing tokens

How to manage your tokens. Learn how to list, create and revoke tokens.

This page descibes how you can create new tokens, list existing tokens and revoke tokens that are no longer valid.

A token will automatically be stored in your .npmrc file when you use the npm login to authenticate and login to your registry.

But teams and organizations might want to create specific tokens for CI/CD systems or for sharing.

Continue reading to learn how to work with tokens.

Prerequisites

To work with tokens you need to be authenticated with a user that has read/write permissions, typically your admin user (a read-only token cannot be used to create new tokens).

Create a token

To create a token for your Bytesafe registry, a password is required. This password is fetched from the top of the registry page in the Bytesafe web console.

You should also take into consideration if you want a token that is read-only or not. For example, a CI/CD environment might only require read permissions. See the examples below how to create a read-write and read-only tokens.

Read-write token

npm --registry 'https://example.bytesafe.dev/r/default/' token create

The newly created read-write token is displayed in the terminal after executing the command above and entering a valid password for the registry.

| token            | 01EPF8PPQ9WZQ5TADPCV8DPMG5       |
|------------------|----------------------------------|
| readonly         | false                            |
| cidr_whitelist   | null                             |
| created          | 2020-11-06T17:12:14Z             |

Read-only token

npm --registry 'https://example.bytesafe.dev/r/default/' token create --read-only

The newly created read-write token is displayed in the terminal after executing the command above and entering a valid password for the registry.

| token            | 01EPF8RQX26R2Q2ZCY28AP1JMH       |
|------------------|----------------------------------|
| readonly         | true                            |
| cidr_whitelist   | null                             |
| created          | 2020-11-06T17:13:21Z             |

List all tokens

To list all available tokens use the command below. The output only shows the last couple of characters of the actual token (the full token is only available on creation).

The response when executing the command also includes information regarding if the token is read-only or not.

npm token list

Example output with both read/write tokens

| id        | token           | created         | readonly  | CIDR whitelist   |
|-----------|-----------------|-----------------|-----------|------------------|
| 2b4fc6    | KMQP71...       | 2020-11-06      | no        |                  |
| 85abee    | 8DPMG5...       | 2020-11-06      | no        |                  |
| 807d1f    | AP1JMH...       | 2020-11-06      | true      |                  |

Currently Bytesafe does not support CIDR whitelist.

Revoke a token

The tokens created are long-lived and will therefore be valid until they expire.

If you want to revoke a token this is done by executing the command below. You can also remove multiple tokens by providing a list of comma separated token IDs

npm token revoke <token IDs>

Example of how to remove a token.

npm token revoke 85abee

The out put confirms the number of removed tokens

Removed 1 token