Overview

Generate a new workspace token for the current workspace without storing it locally. This command is useful for creating tokens for CI/CD systems, scripts, or other automation tools.

Syntax

ntcli token create [options]

Options

--expires-in
number
Token expiration time in secondsDefault: 31536000 (1 year)
Example: 86400 (24 hours)
--format
string
Output format for the tokenDefault: text
Options: text, json

Examples

Create Standard Token

# Create token with default 1-year expiration
ntcli token create
Output: 
New token created: wst_abc123def456...
Token JTI: jti_xyz789
Expires: 2025-08-07T12:00:00Z

Create Short-Lived Token

# Create token that expires in 24 hours
ntcli token create --expires-in 86400

Create Non-Expiring Token

# Create token that never expires (use with caution)
ntcli token create

JSON Output

# Get token in JSON format for automation
ntcli token create --format json
Output: 
{
  "token": "wst_abc123def456...",
  "jti": "jti_xyz789",
  "expires_at": "2025-08-07T12:00:00Z"
}

Security Considerations

Token Storage: This command displays the full token. Store it securely and never commit it to version control.

Best Practices

  • Copy Immediately: Copy the token immediately as it cannot be retrieved again
  • Secure Storage: Store tokens in secure credential management systems
  • Regular Rotation: Rotate tokens regularly using ntcli token refresh
  • Scope Limitation: Use workspace-specific tokens rather than global tokens

CI/CD Integration

GitHub Actions

- name: Create deployment token
  run: |
    TOKEN=$(ntcli token create --expires-in 3600 --format json | jq -r '.token')
    echo "::add-mask::$TOKEN"
    echo "DEPLOYMENT_TOKEN=$TOKEN" >> $GITHUB_ENV

Script Usage

#!/bin/bash
# Create token for deployment script
TOKEN=$(ntcli token create --expires-in 7200 --format json | jq -r '.token')
export NTCLI_WORKSPACE_TOKEN="$TOKEN"

# Use token for deployment
ntcli server deploy my-service

Error Handling

token list

List all workspace tokens

token refresh

Refresh current workspace token

token revoke

Revoke specific tokens

token show

Show current token information