Table: linode_token - Query Linode Personal Access Tokens using SQL
A Linode Personal Access Token (PAT) is an API token granting full access to your Linode account, with the ability to create, access, modify, and remove any aspect of your account. PATs are great for when you want to build your own applications or scripts. Just like OAuth tokens, you can limit a token's scope to restrict what parts of your account it can access.
Table Usage Guide
The linode_token
table provides insights into Personal Access Tokens within Linode. As a DevOps engineer, explore token-specific details through this table, including its scopes, created and expiry dates. Utilize it to uncover information about tokens, such as those with certain scopes, and verification of expiry dates.
Examples
List tokens
Explore all the available tokens in your Linode account to manage and control access to your resources effectively. This helps in maintaining security and managing permissions within your account.
select *from linode_token;
select *from linode_token;
Tokens by age in days
Identify the age of your Linode tokens to understand how long they have been in existence. This can help in managing token lifecycle and ensuring security compliance by replacing or revoking old tokens.
select token, created, date_part('day', age(current_timestamp, created)) as age_daysfrom linode_tokenorder by age_days desc;
select token, created, julianday('now') - julianday(created) as age_daysfrom linode_tokenorder by age_days desc;
Tokens expiring in the next 30 days
Discover the segments that have tokens expiring in the next 30 days. This is useful for proactively managing and renewing such tokens before they lapse, ensuring uninterrupted access to linked services.
select token, expiryfrom linode_tokenwhere expiry < current_date + interval '30 days';
select token, expiryfrom linode_tokenwhere expiry < date('now', '+30 days');
Tokens will full permissions
Explore which tokens have full permissions in Linode. This can be useful for identifying potential security risks and ensuring appropriate access control.
select *from linode_tokenwhere scopes ? '*'
Error: SQLite does not support '?' operator for JSON objects.
Scopes by token
Explore which Linode API tokens have been granted specific permissions, as this information can be crucial for managing access rights and ensuring security within your system.
select t.token, scopefrom linode_token as t, jsonb_array_elements_text(t.scopes) as scope;
select t.token, json_extract( scope.value, ')from linode_token as t, json_each(t.scopes) as scope;
Schema for linode_token
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
created | timestamp with time zone | The date and time this token was created. | |
euuid | text | An external unique identifier for this account. | |
expiry | timestamp with time zone | When this token will expire. | |
id | bigint | = | This token's unique ID, which can be used to revoke it. |
label | text | This token's label. This is for display purposes only, but can be used to more easily track what you're using each token for. | |
scopes | jsonb | Array of scopes for the token, e.g. *, account:read_write, domains:read_only. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
token | text | First 16 characters of the token. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- linode
You can pass the configuration to the command with the --config
argument:
steampipe_export_linode --config '<your_config>' linode_token