AI Docs Bundle
Join Our Community Slack Contact
chainctl Reference

chainctl auth pull-token create

  2 min read
chainctl Reference Product

chainctl auth pull-token create

Create a pull token.

chainctl auth pull-token create [--save=true|false] [--ttl=NUM_HOURS_ACTIVE] [--parent=PARENT] [--library-ecosystem=LANGUAGE] [flags]

Examples 

  # Create a pull token for container registry pull access.
  chainctl auth pull-token create
  
  # Create a pull token for pull access to a library ecosystem.
  chainctl auth pull-token create --library-ecosystem=java
  
  # Create a pull token that lasts for 24 hours.
  chainctl auth pull-token create --ttl=24h
  
  # Create a pull token for a particular organization.
  chainctl auth pull-token create --parent=my-org

Options 

  -h, --help                       help for create
      --library-ecosystem python   The language ecosystem to access with the pull token. Valid values are python and `java`.
      --name string                Pull token name. (default "pull-token")
      --parent string              The IAM organization or folder with which the pull token identity is associated.
      --save                       If true with --pull-token, save the pull token to the Docker configuration.
      --ttl ns                     Time To Live for the validity of the pull token. Valid unit strings range from nanoseconds to hours and are ns, `us`, `ms`, `s`, `m`, and `h`. Maxiumum value is 8760h or one year. (default 720h0m0s)

Options inherited from parent commands 

      --api string         The url of the Chainguard platform API. (default "https://console-api.enforce.dev")
      --audience string    The Chainguard token audience to request. (default "https://console-api.enforce.dev")
      --config string      A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly.
      --console string     The url of the Chainguard platform Console. (default "https://console.chainguard.dev")
      --force-color        Force color output even when stdout is not a TTY.
      --issuer string      The url of the Chainguard STS endpoint. (default "https://issuer.enforce.dev")
      --log-level string   Set the log level (debug, info) (default "ERROR")
  -o, --output string      Output format. One of: [csv, env, go-template, id, json, markdown, none, table, terse, tree, wide]
  -v, --v int              Set the log verbosity level.

SEE ALSO

Related Articles

chainctl

chainctl Chainguard Control chainctl [flags] Options --api string The url of the Chainguard platform API. (default …

  1 min read

chainctl auth

chainctl auth Auth related commands for the Chainguard platform. Options -h, --help help for auth Options inherited from …

  1 min read

chainctl auth configure-docker

chainctl auth configure-docker Configure a Docker credential helper chainctl auth configure-docker [flags] Options …

  2 min read

chainctl auth delete-account

chainctl auth delete-account Permanently delete your user account. chainctl auth delete-account [flags] Options -h, …

  1 min read

chainctl auth login

chainctl auth login Login to the Chainguard platform. chainctl auth login [--invite-code=INVITE_CODE] …

  2 min read

Last updated: 2025-09-29 18:30

chainctl auth pull-token Prev   chainctl auth pull-token list   Next