CLI command for workload authentication

Use the Okta Privileged Access client CLI for autonomous, non-interactive operations. Workloads authenticate and retrieve a temporary access token by running the sft workload authenticate command (aliased as sft wl auth), which is essential for automation scripts and CI/CD pipelines that can't rely on human intervention.

Before you begin

  • You have DevOps admin privileges.

  • You have an identity token from your workload provider, and it's set in the environment variable whose name you pass to --jwt-env.

Example usage for workload automation

Because sft workload authenticate is non-interactive, you can export the token it returns as an environment variable (OPA_TOKEN) for use in scripts.

  1. Set OPA_ADDR in an environment variable. This sets the URL for the client connection.

    export OPA_ADDR=<URL>

  2. Run the following command to get the OPA_TOKEN.

    OPA_TOKEN=$(sft wl authenticate \
      --team <my-team> \
      --connection <workload-connection-name> \
      --jwt-env <my-jwt-env>)
    # Export the token for use in the rest of the script
    export OPA_TOKEN

  3. Execute the following command.

    sft ssh myhost --team myteam --workload-role myrole
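
A fail-closed wrapper around steps 1 and 2 for a CI job, added here as an example and not taken from Okta's documentation. The function name opa_workload_login, its argument order, and its exit codes are assumptions; only the sft flags shown above are used.

```bash
# Added example, not Okta's code. opa_workload_login, its argument order and
# its exit codes are assumptions; only sft flags shown on this page are used.
opa_workload_login() {
  local team="$1" connection="$2" jwt_env="$3" token="" xtrace=0

  # OPA_ADDR is the client connection URL; insist on TLS.
  case "${OPA_ADDR:-}" in
    https://*) ;;
    *) echo "OPA_ADDR must be an https:// URL" >&2; return 2 ;;
  esac

  # --jwt-env takes a variable *name*. Reject anything that is not one, then
  # confirm it is exported and non-empty, since sft runs as a child process.
  case "$jwt_env" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid name for --jwt-env" >&2; return 3 ;;
  esac
  if [ -z "$(printenv "$jwt_env")" ]; then
    echo "$jwt_env is unset, empty, or not exported" >&2; return 3
  fi

  # Suspend xtrace so the access token never lands in CI job logs.
  case "$-" in *x*) xtrace=1; set +x ;; esac

  # Fail closed: a non-zero exit or an empty token both abort.
  if ! token=$(sft wl authenticate --team "$team" \
        --connection "$connection" --jwt-env "$jwt_env") || [ -z "$token" ]; then
    unset OPA_TOKEN
    [ "$xtrace" -eq 1 ] && set -x
    echo "workload authentication failed" >&2; return 4
  fi

  OPA_TOKEN="$token"; export OPA_TOKEN
  [ "$xtrace" -eq 1 ] && set -x
  return 0
}

# Usage in a pipeline step (placeholder values):
#   opa_workload_login my-team my-connection MY_JWT_ENV || exit 1
#   sft ssh myhost --team my-team --workload-role myrole
```

Calling the function with `|| exit 1` stops the job before step 3 runs if no token was obtained, and a stale OPA_TOKEN from an earlier step is cleared on failure.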
