ZTS Role Token Client application in Go to request a role token from ZTS Server for the given identity to access a role in a provider domain:
There are three possible ways to use the utility:
- using your athenz service identity certificate
$ zts-roletoken -domain <domain> [-role <role>] -svc-key-file <private-key-file> -svc-cert-file <service-cert-file> -zts <ZTS url> [-expire-time <expire-time-in-mins>]- using ntoken from a file
$ zts-roletoken -domain <domain> [-role <role>] -ntoken-file <ntoken-file> -zts <ZTS url> [-expire-time <expire-time-in-mins>]- using ntoken as command-line (not recommended since others running ps might see your ntoken).
$ zts-roletoken -domain <domain> [-role <role>] -ntoken <ntoken> -zts <ZTS url> [-expire-time <expire-time-in-mins>]The service identity ntoken can be obtained by using the zms-svctoken utility. The optional expire-time argument specifies how long the role token should be valid for. The value must be specified in minutes. The defualt if no value is specified is 120 minutes.
Copyright The Athenz Authors
Licensed under the Apache License, Version 2.0