Understanding service tokens and their best practices.
string
, and a corresponding document in the storage backend containing its
properties and metadata.
Consider the token st.abc.def.ghi. Here, st.abc.def can be used to authenticate with the API, by including it in the Authorization header under Bearer st.abc.def, and retrieve (encrypted) secrets as well as a project key back. Meanwhile, ghi, a hex-string, can be used to decrypt the project key used to decrypt the secrets.
Note that when using service tokens via select client methods like the SDK or CLI, cryptographic operations are abstracted for you; that is, the token is parsed and the encryption/decryption operations are handled. If you use service tokens with the REST API and end-to-end encryption is enabled, you will have to handle the encryption/decryption operations yourself.
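When handling the token yourself for REST API use, the first step is splitting it so that only the st.abc.def part is ever sent to the server and the trailing hex segment stays on the client. The following is an added example, not code from the project's SDK or CLI; the names parse_service_token and ServiceToken, the even-length hex check and the sample token are assumptions made for illustration.

```python
import string
from typing import NamedTuple


class ServiceToken(NamedTuple):
    api_token: str  # "st.abc.def": sent to the API as the bearer credential
    key_hex: str    # "ghi": stays on the client, decrypts the project key

    def auth_header(self) -> dict:
        # Only the first three segments go on the wire.
        return {"Authorization": f"Bearer {self.api_token}"}

    def redacted(self) -> str:
        # Form suitable for logs: the key segment is never printed.
        return f"{self.api_token}.<redacted>"


def parse_service_token(raw: str) -> ServiceToken:
    """Split st.<a>.<b>.<key> into its bearer part and its hex key part."""
    parts = raw.strip().split(".")
    if len(parts) != 4 or parts[0] != "st" or not all(parts):
        raise ValueError("expected four dot-separated segments starting with 'st'")
    key_hex = parts[3]
    # Assumption: the key segment is an even-length hex string (whole bytes).
    if len(key_hex) % 2 or any(c not in string.hexdigits for c in key_hex):
        raise ValueError("last segment must be an even-length hex string")
    return ServiceToken(".".join(parts[:3]), key_hex)


# Constructed sample token, not a real credential.
SAMPLE = "st.6f1c2a.9d3be07a.00112233445566778899aabbccddeeff"

if __name__ == "__main__":
    tok = parse_service_token(SAMPLE)
    print(tok.auth_header())
    print(tok.redacted())
```

The placeholder st.abc.def.ghi from the text is rejected by this parser because ghi is not valid hex; a real token carries a hex string in that position.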