Skip to main content
infisical service-token create --scope=dev:/global --scope=dev:/backend --access-level=read --access-level=write

Description

The Infisical service-token command allows you to manage service tokens for a given Infisical project. With this command, you can create, view, and delete service tokens.

service-token create

Use this command to create a service token
$ infisical service-token create --scope=dev:/backend/** --access-level=read --access-level=write

Flags

infisical service-token create --scope=dev:/global --scope=dev:/backend/** --access-level=read
Use the scope flag to define which environments and paths your service token should be authorized to access.The value of your scope flag should be in the following <environment slug>:<path>. Here, environment slug refers to the slug name of the environment, and path indicates the folder path where your secrets are stored.For specifying multiple scopes, you can use multiple —scope flags.
The path can be a Glob pattern
infisical service-token create --scope=dev:/global --access-level=read --projectId=63cefb15c8d3175601cfa989
The project ID you’d like to create the service token for. By default, the CLI will attempt to use the linked Infisical project in .infisical.json generated by infisical init command.
infisical service-token create --scope=dev:/global --access-level=read --name service-token-name
Service token nameDefault: Service token generated via CLI
infisical service-token create --scope=dev:/global --access-level=read --expiry-seconds 120
Set the service token’s expiration time in seconds from now. To never expire set to zero.Default: 1 day
infisical service-token create --scope=dev:/global --access-level=read --access-level=write
The type of access the service token should have. Can be read and or write
infisical service-token create --scope=dev:/global --access-level=read --access-level=write --token-only
When true, only the service token will be printedDefault: false