How to read the superuser access token in InfluxDB 2.6.1

I’m running InfluxDB since a year and have a lot of data stored. Now I wanted to configure a backup. and for that I need the super user access token. In the version I habe installed a year ago, I can access the token on the web interface. But now with version 2.6.1 it is not possible. Where I can find this token?

@bob3150

I think you will have to create a new token (if you do not have access to the original one before you upgraded).

I saw this when I updated from v2.3 to v2.6. Luckily, I had the token in a password vault.

I think this is not working, because with a new created full access token I get the following response on cli:

influx backup backup
2023/01/08 12:12:27 INFO: Downloading metadata snapshot
Error: failed to backup metadata: failed to download metadata snapshot: 401 Unauthorized: read:authorizations is unauthorized
influx server-config
Error: failed to retrieve config: 401 Unauthorized: access to /api/v2/config requires operator permissions

My syntax is different. I use:

influx backup <backup-path> -t <root-token>

This results on my setup to the same Error. As far as I read somewhere, that I have to use the first install root-token. This one I use actually with Grafana and Node-Red, but there I also can not see it and I have not saved it during installation, because I saw it in the old version.

FWIW, I also use the same token (used in my backups) with Node-RED and Grafana.

It seems this has become a real problem for many users. I keep seeing issues appear on this forum.

I don’t know why they chose to restrict viewing of tokens in the UI. It’s a silly decision since a) recovering them is trivial via the CLI, and b) all subsequently created tokens are automatically scoped to the org-id that they’re created under (which is presumably why backups need the root token).

First make sure you are logged into the UI and switched into the org that you originally setup influxdb with. If you haven’t setup any additional orgs, then just being logged in is sufficient. Then create a new temporary all-access token in the UI, and then copy its value to use in the following command:

influx auth list -t <temporary token>

The root token should be the first one listed, and will have permissions that look like this:

[read:/authorizations write:/authorizations read:/buckets write:/buckets read:/dashboards write:/dashboards read:/orgs write:/orgs read:/sources write:/sources read:/tasks write:/tasks read:/telegrafs write:/telegrafs read:/users write:/users read:/variables write:/variables read:/scrapers write:/scrapers read:/secrets write:/secrets read:/labels write:/labels read:/views write:/views read:/documents write:/documents read:/notificationRules write:/notificationRules read:/notificationEndpoints write:/notificationEndpoints read:/checks write:/checks read:/dbrp write:/dbrp read:/notebooks write:/notebooks read:/annotations write:/annotations read:/remotes write:/remotes read:/replications write:/replications]

While the permissions for any other tokens created afterwards will contain the org-id they’re scoped to.

Then delete the temporary token in the UI to clean up.

Actually, looks like there’s an officially supported way to recover tokens since v2.1, albeit buried in the docs.

influxd recovery auth list --bolt /var/lib/influxdb2/influxdb.bolt

(or whatever the path to your boltdb file is). Doesn’t appear to work if your instance is running, but that can easily be worked around without stopping the process by copying the file to another location like /tmp and reading it there.

You can also use this recovery mechanism to create a new operator (root) token if you’ve somehow managed to accidentally delete the original.

Thank’s a lot, this worked to extract my root access token.