harbor/docs/1.10/working-with-projects/create-robot-accounts.md

62 lines
2.8 KiB
Markdown
Raw Normal View History

---
title: Create Robot Accounts
2020-02-11 16:24:43 +01:00
weight: 40
---
2019-11-01 15:00:01 +01:00
2019-12-17 11:03:51 +01:00
You can create robot accounts to run automated operations. Robot accounts have the following limitations:
2019-10-17 15:47:25 +02:00
2019-12-17 11:03:51 +01:00
1. Robot Accounts cannot log in to the Harbor interface.
1. Robot Accounts can only perform operations by using the Docker and Helm CLIs.
2019-10-17 15:47:25 +02:00
### Add a Robot Account
2019-12-17 11:03:51 +01:00
1. Log in to the Harbor interface with an account that has at least project administrator privileges.
1. Go to **Projects**, select a project, and select **Robot Accounts**.
2019-10-17 15:47:25 +02:00
![Robot accounts](../img/add-robot-account.png)
2019-12-17 11:03:51 +01:00
1. Click **New Robot Account**.
1. Enter a name and an optional description for this robot account.
1. Grant permission to the robot account to push images and to push and pull Helm charts.
2019-10-17 15:47:25 +02:00
Robot accounts can always pull images, so you cannot deselect this option.
2019-12-17 11:03:51 +01:00
![Add a robot account](../img/add-robot-account-2.png)
2019-12-17 11:03:51 +01:00
1. Click **Save**.
1. In the confirmation window, click **Export to File** to download the access token as a JSON file, or click the clipboard icon to copy its contents to the clipboard.
2019-10-17 15:47:25 +02:00
![copy_robot_account_token](../img/copy-robot-account-token.png)
{{< important >}}
Harbor does not store robot account tokens, so you must either download the token JSON or copy and paste its contents into a text file. There is no way to get the token from Harbor after you have created the robot account.
{{< /important >}}
The new robot account appears as `robot$account_name` in the list of robot accounts. The `robot$` prefix makes it easily distinguishable from a normal Harbor user account.
![New robot account](../img/new-robot-account.png)
2019-10-17 15:47:25 +02:00
2019-12-17 11:03:51 +01:00
1. To delete or disable a robot account, select the account in the list, and select **Disable account** or **Delete** from the Action drop-down menu.
2019-10-17 15:47:25 +02:00
![Disable or delete a robot account](../img/disable-delete-robot-account.png)
2019-10-17 15:47:25 +02:00
2019-12-17 11:03:51 +01:00
### Configure the Expiry Period of Robot Accounts
2019-10-17 15:47:25 +02:00
2019-12-17 11:03:51 +01:00
By default, robot accounts expire after 30 days. You can set a longer or shorter lifespan for robot accounts by modifying the expiry period for robot account tokens. The expiry period applies to all robot accounts in all projects.
1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
1. Go to **Configuration** and select **System Settings**.
1. In the **Robot Token Expiration (Days)** row, modify the number of days after which robot account tokens expire.
![Set robot account token expiry](../img/set-robot-account-token-duration.png)
2019-12-17 11:03:51 +01:00
### Authenticate with a Robot Account
To use a robot account in an automated process, for example a script, use `docker login` and provide the credentials of the robot account.
<pre>
docker login <i>harbor_address</i>
Username: robot$<i>account_name</i>
Password: <i>robot_account_token</i>
2020-01-13 16:18:01 +01:00
</pre>