Auth Token Command¶

The auth token command configures your DBSnapper Cloud API token, enabling authentication with DBSnapper Cloud services. This essential command unlocks cloud features including shared targets, cloud storage, and team collaboration capabilities.

Overview¶

The auth token command provides secure API token management: - Cloud authentication: Establishes secure connection to DBSnapper Cloud - Token storage: Encrypts and stores API tokens in configuration file - Access enablement: Unlocks cloud targets, shared targets, and cloud storage - Team integration: Enables participation in team collaboration features - Multi-environment support: Manages different tokens for different environments

Syntax¶

dbsnapper auth token <api_token> [flags]

Arguments¶

<api_token>: The API token obtained from DBSnapper Cloud dashboard

Options¶

  -h, --help   help for token

API Token Acquisition¶

Getting Your API Token¶

Visit DBSnapper Cloud: Navigate to https://app.dbsnapper.com
Create Account: Register for a new account or sign in to existing account
Access Dashboard: Navigate to the main dashboard after login
Get Started Page: Go to the "Get Started" section
Copy Token: Copy your personal API token from the Get Started page

Token Characteristics¶

Unique identifier: Each user has a unique API token
Secure format: Long, cryptographically secure string
Limited scope: Token permissions are limited to your account
Revocable: Tokens can be revoked from the cloud dashboard

How It Works¶

Token Storage Process¶

Validation: Verifies token format and basic validity
Encryption: Encrypts token using your configuration's secret key
Configuration update: Adds encrypted token to configuration file
Cloud connection: Tests connection to verify token functionality
Feature activation: Enables cloud features for subsequent commands

Configuration Integration¶

The token is stored in your configuration file's authtoken field:

# Before token configuration
authtoken: ""

# After token configuration
authtoken: "encrypted_token_value_here"

Token Security¶

Encryption at Rest¶

Secret key encryption: Tokens encrypted using your configuration's secret key
No plain text: Tokens never stored in plain text
File protection: Configuration file should have restricted permissions

Secure Handling¶

# Set appropriate file permissions
chmod 600 ~/.config/dbsnapper/dbsnapper.yml

# Verify permissions
ls -la ~/.config/dbsnapper/dbsnapper.yml
# Should show: -rw------- (owner read/write only)

Environment Variable Alternative¶

For automation and CI/CD, use environment variables:

# Set token via environment variable
export DBSNAPPER_AUTHTOKEN="your_token_here"

# DBSnapper will use environment variable over config file
dbsnapper targets  # Uses token from environment

Example Usage¶

Basic Token Configuration¶

# Configure API token (replace with your actual token)
dbsnapper auth token hNsdelkjcxgoiuwalkmcgoi1234567890abcdef

Output:

✅ DBSnapper Cloud API token configured successfully
✅ Cloud connectivity verified
🔗 You now have access to cloud features:
  - Cloud targets
  - Shared targets  
  - Cloud storage profiles
  - Team collaboration

Environment-Specific Configuration¶

# Configure token for development environment
dbsnapper auth token --config ~/.config/dbsnapper/dev.yml <dev_token>

# Configure token for production environment
dbsnapper auth token --config ~/.config/dbsnapper/prod.yml <prod_token>

# Use specific environment
dbsnapper --config ~/.config/dbsnapper/dev.yml targets

Verification After Configuration¶

# Verify cloud connectivity
dbsnapper config check | grep "DBSnapper Cloud"

# List targets to see cloud and shared targets
dbsnapper targets

# Check for cloud-specific features
dbsnapper targets | grep -E "(cloud|share)"

Use Cases¶

Individual Developer Setup¶

# Personal development setup
dbsnapper auth token <personal_token>

# Verify access to personal cloud targets
dbsnapper targets | grep cloud

# Access shared team data
dbsnapper targets | grep share

Team Member Onboarding¶

# New team member setup
# 1. Team lead provides onboarding instructions
# 2. New member creates DBSnapper Cloud account
# 3. Configures authentication
dbsnapper auth token <new_member_token>

# 4. Verifies access to shared team resources
dbsnapper targets | grep share
dbsnapper pull shared-development-data

CI/CD Pipeline Configuration¶

# Automated pipeline setup
# Store token in CI/CD secrets management
export DBSNAPPER_AUTHTOKEN="$CI_DBSNAPPER_TOKEN"

# Verify authentication in pipeline
if ! dbsnapper config check | grep -q "DBSnapper Cloud connected"; then
    echo "Cloud authentication failed"
    exit 1
fi

# Use cloud features in automation
dbsnapper pull production-snapshots

Multi-Environment Management¶

# Development environment
dbsnapper auth token --config config/dev.yml <dev_token>

# Staging environment
dbsnapper auth token --config config/staging.yml <staging_token>

# Production environment
dbsnapper auth token --config config/prod.yml <prod_token>

# Verify each environment
for env in dev staging prod; do
    echo "Testing $env environment..."
    dbsnapper --config config/$env.yml config check
done

Token Rotation¶

# Regular security maintenance
# 1. Generate new token in cloud dashboard
# 2. Update configuration
dbsnapper auth token <new_token>

# 3. Verify new token works
dbsnapper config check

# 4. Revoke old token in cloud dashboard

Cloud Features Enabled¶

After Token Configuration¶

Once authenticated, you gain access to:

Cloud Targets¶

# List cloud-managed targets
dbsnapper targets | grep cloud

# Build snapshots with cloud storage
dbsnapper build cloud-production-db

Shared Targets¶

# Access team-shared targets (via Okta SSO)
dbsnapper targets | grep share

# Pull shared sanitized snapshots
dbsnapper pull team-development-data

Cloud Storage Profiles¶

# Configure cloud storage in your configuration
storage_profiles:
  aws-s3:
    type: "s3"
    region: "us-west-2"
    bucket: "my-snapshots"
    access_key_id: "${AWS_ACCESS_KEY_ID}"
    secret_access_key: "${AWS_SECRET_ACCESS_KEY}"

Web Interface Integration¶

Target management: Manage targets via web interface
Snapshot browsing: Browse snapshots in cloud dashboard
Team management: Manage team members and permissions
Usage monitoring: Monitor snapshot usage and costs

Token Management¶

Token Lifecycle¶

Generation: Create token in DBSnapper Cloud dashboard
Configuration: Add token to DBSnapper configuration
Usage: Token enables cloud features
Rotation: Regularly rotate tokens for security
Revocation: Revoke tokens when no longer needed

Best Practices¶

# Regular token rotation (monthly/quarterly)
# 1. Generate new token
# 2. Test new token in non-production first
dbsnapper auth token --config test.yml <new_token>
dbsnapper --config test.yml config check

# 3. Update production configuration
dbsnapper auth token <new_token>

# 4. Revoke old token

Multiple Token Management¶

# Different tokens for different purposes
dbsnapper auth token --config personal.yml <personal_token>
dbsnapper auth token --config work.yml <work_token>
dbsnapper auth token --config project-a.yml <project_a_token>

# Use appropriate configuration for each context
alias dbsnapper-personal='dbsnapper --config personal.yml'
alias dbsnapper-work='dbsnapper --config work.yml'

Troubleshooting¶

Common Issues¶

Invalid Token Format¶

Error: invalid token format

Solutions: 1. Verify token was copied completely from cloud dashboard 2. Check for extra spaces or characters 3. Regenerate token from cloud dashboard if needed

Token Authentication Failed¶

Error: authentication failed - invalid token

Solutions: 1. Verify token is current and not revoked 2. Check network connectivity to DBSnapper Cloud 3. Generate new token from cloud dashboard 4. Verify cloud service availability

Network Connection Issues¶

Error: cannot connect to DBSnapper Cloud

Solutions: 1. Check internet connectivity 2. Verify DNS resolution 3. Check corporate firewall settings 4. Try different network connection 5. Contact IT about cloud service access

Configuration File Issues¶

Error: cannot write to configuration file

Solutions:

# Check file permissions
ls -la ~/.config/dbsnapper/dbsnapper.yml

# Fix permissions if needed
chmod 600 ~/.config/dbsnapper/dbsnapper.yml

# Check directory permissions
ls -la ~/.config/dbsnapper/

# Create directory if missing
mkdir -p ~/.config/dbsnapper

Diagnostic Commands¶

# Test cloud connectivity
dbsnapper config check

# Verify token is configured
grep authtoken ~/.config/dbsnapper/dbsnapper.yml

# Test cloud features
dbsnapper targets | grep -E "(cloud|share)"

# Check environment variable
echo $DBSNAPPER_AUTHTOKEN

Security Considerations¶

Token Protection¶

File permissions: Restrict configuration file access
Version control: Never commit tokens to version control
Environment variables: Use environment variables in automation
Regular rotation: Rotate tokens regularly
Revocation: Revoke compromised tokens immediately

Access Control¶

Principle of least privilege: Use tokens with minimal required permissions
Separate tokens: Use different tokens for different environments
Team management: Regularly review team member access
Audit logging: Monitor token usage and access patterns

Incident Response¶

# If token is compromised:
# 1. Revoke token immediately in cloud dashboard
# 2. Generate new token
# 3. Update all configurations
dbsnapper auth token <new_secure_token>

# 4. Verify security
dbsnapper config check

# 5. Review access logs in cloud dashboard

Integration with Other Commands¶

Cloud-Enabled Commands¶

After token configuration, these commands gain cloud functionality:

# Enhanced target listing (includes cloud and shared targets)
dbsnapper targets

# Cloud snapshot operations
dbsnapper pull cloud-target-name
dbsnapper build cloud-target-name  # May upload to cloud storage

# Configuration checking includes cloud connectivity
dbsnapper config check

Workflow Integration¶

# Complete cloud setup workflow
dbsnapper config init              # Initialize configuration
dbsnapper auth token <your_token>  # Configure authentication
dbsnapper config check             # Verify cloud connectivity
dbsnapper targets                  # List available targets

Environment Variables¶

Alternative Token Configuration¶

# Set token via environment variable
export DBSNAPPER_AUTHTOKEN="your_token_here"

# Verify environment variable is used
dbsnapper config check | grep "DBSnapper Cloud"

CI/CD Integration¶

# GitHub Actions example
env:
  DBSNAPPER_AUTHTOKEN: ${{ secrets.DBSNAPPER_TOKEN }}

steps:
  - name: Test DBSnapper Cloud connectivity
    run: |
      dbsnapper config check
      dbsnapper targets | grep cloud

Best Practices Summary¶

Security Best Practices¶

Secure storage: Use file permissions and encryption
Environment separation: Different tokens per environment
Regular rotation: Rotate tokens periodically
Access monitoring: Monitor token usage and access
Incident response: Have procedures for compromised tokens

Operational Best Practices¶

Team onboarding: Include token setup in onboarding process
Documentation: Document token management procedures
Testing: Test tokens in non-production environments first
Backup access: Maintain alternative access methods
Compliance: Ensure token usage meets compliance requirements

Cloud Dashboard

Generate and manage your API tokens through the DBSnapper Cloud dashboard at https://app.dbsnapper.com. The Get Started page provides your current API token.

Environment Variables

For automation and CI/CD, use the DBSNAPPER_AUTHTOKEN environment variable instead of storing tokens in configuration files.

Token Security

Protect your API tokens like passwords. Use appropriate file permissions, rotate regularly, and never commit tokens to version control.

auth - Overview of authentication commands and cloud integration
targets - List targets (shows cloud and shared targets after authentication)
pull - Pull cloud snapshots (requires authentication)
config check - Verify cloud connectivity and authentication status