Create and manage access tokens

Let tools send data to Cloud Observability projects.

Your instrumentation uses access tokens to identify the project the tracer is reporting for. Microsatellites need this token to accept and store span data from the tracer. Reports from clients with invalid or deactivated access tokens will be rejected on ingress.

If you’re using a Developer Mode Satellite, the access token is developer.

Why have more than one access token

Access tokens tell the tracer which Cloud Observability project to report to. You may want to create more than one token when you want fine-grained control over the data your services send to Cloud Observability. For example, you can have separate tokens for your clients and backend services. This way, if you have key rotation policies for public services (i.e. web or mobile clients), you can deactivate only that one and deploy a new token without affecting the other clients’ reporting or having to roll out changes in multiple places.

Create access tokens

Create access tokens on Cloud Observability’s Project settings page. Access tokens let tools report data to specific Cloud Observability projects.

Follow these steps to create an access token:

  1. In Cloud Observability’s navigation bar, click Projects and select your project.
  2. In the same navigation bar, click Project settings.

  3. On the Access Tokens page, click Create new access token, enter a name in the dialog, and click Confirm.

    Cloud Observability displays You have created a new access token, and your token appears at the top of the table.

  4. To rename your token, click ⋮ > Rename.

It may take up to five minutes for the token to propagate to all active Microsatellites.

Deactivate access tokens

Follow these steps to deactivate an access token:

  1. In Cloud Observability’s navigation bar, click Project settings.
  2. Find the access token you want to deactivate and click ⋮ > Deactivate.

  3. In the dialog, click Deactivate.

    Cloud Observability displays Access token deactivated and moves the token to the Inactive tab.

Reactivate access tokens

Follow these steps to reactivate an access token:

  1. In Cloud Observability’s navigation bar, click Project settings.
  2. On the Access Tokens page, click the Inactive tab.
  3. Find the relevant token and click ⋮ > Activate.

  4. In the dialog, click Activate.

    Cloud Observability displays Access token activated and moves the token to the Active tab.

It may take up to five minutes for the deactivate or activate signal to propagate to all active Microsatellites.

Updated Jul 31, 2023