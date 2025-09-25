allow []object Allow is a list of TokenRules, nodes using this token must match one allow rule to use this token.

aws_iid_ttl string AWSIIDTTL is the TTL to use for AWS EC2 Instance Identity Documents used to join the cluster with this token.

azure object Azure allows the configuration of options specific to the "azure" join method.

azure_devops object AzureDevops allows the configuration of options specific to the "azure_devops" join method.

bitbucket object Bitbucket allows the configuration of options specific to the "bitbucket" join method.

bot_name string BotName is the name of the bot this token grants access to, if any

bound_keypair object BoundKeypair allows the configuration of options specific to the "bound_keypair" join method.

circleci object CircleCI allows the configuration of options specific to the "circleci" join method.

gcp object GCP allows the configuration of options specific to the "gcp" join method.

github object GitHub allows the configuration of options specific to the "github" join method.

gitlab object GitLab allows the configuration of options specific to the "gitlab" join method.

join_method string JoinMethod is the joining method required in order to use this token. Supported joining methods include: azure, circleci, ec2, gcp, github, gitlab, iam, kubernetes, spacelift, token, tpm

kubernetes object Kubernetes allows the configuration of options specific to the "kubernetes" join method.

oracle object Oracle allows the configuration of options specific to the "oracle" join method.

roles []string Roles is a list of roles associated with the token, that will be converted to metadata in the SSH and X509 certificates issued to the user of the token

spacelift object Spacelift allows the configuration of options specific to the "spacelift" join method.

suggested_agent_matcher_labels object SuggestedAgentMatcherLabels is a set of labels to be used by agents to match on resources. When an agent uses this token, the agent should monitor resources that match those labels. For databases, this means adding the labels to db_service.resources.labels . Currently, only node-join scripts create a configuration according to the suggestion.

suggested_labels object SuggestedLabels is a set of labels that resources should set when using this token to enroll themselves in the cluster. Currently, only node-join scripts create a configuration according to the suggestion.

terraform_cloud object TerraformCloud allows the configuration of options specific to the "terraform_cloud" join method.