Manage access tokens

Let tools send data to Cloud Observability projects.

Your instrumentation uses access tokens to identify the project the tracer is reporting for. Microsatellites need this token to accept and store span data from the tracer. Reports from clients with invalid or deactivated access tokens will be rejected on ingress.

If you’re using a Developer Mode Satellite, the access token is developer.

Why have several access tokens

Access tokens tell tracers and tools which Cloud Observability project to report to. You may want to create several tokens to have fine-grained control over the data your services send to Cloud Observability.

For example, you can have separate tokens for your clients and backend services. This way, if you have key rotation policies for public services (i.e., web or mobile clients), you can deactivate only that one and deploy a new token without affecting the other clients’ reporting or having to roll out changes in multiple places.

Create access tokens

Follow these steps to create an access token:

  1. In the same navigation bar, click Settings > Access tokens.
  2. On the Access Tokens page, click the For project drop-down and select your project.

  3. Next, click Create new access token, enter a name in the dialog, and click Confirm.

    Cloud Observability displays You have created a new access token, and your token appears at the top of the table.

To rename your token, click ⋮ > Rename.

It may take up to five minutes for the token to propagate to all active Microsatellites.

Deactivate access tokens

Follow these steps to deactivate an access token:

  1. In Cloud Observability’s navigation bar, click Settings > Access tokens.
  2. On the Access Tokens page, click the For project drop-down and select your project.
  3. Find the access token you want to deactivate and click ⋮ > Deactivate.

  4. In the dialog, click Deactivate.

    Cloud Observability displays Access token deactivated and moves the token to the Inactive tab.

Reactivate access tokens

Follow these steps to reactivate an access token:

  1. In Cloud Observability’s navigation bar, click Settings > Access tokens.
  2. On the Access Tokens page, click the For project drop-down and select your project.
  3. Next, click the Inactive tab, find the relevant token, and click ⋮ > Activate.

  4. In the dialog, click Activate.

    Cloud Observability displays Access token activated and moves the token to the Active tab.

It may take up to five minutes for the deactivate or activate signal to propagate to all active Microsatellites.

Updated Jul 31, 2023