Token Management
Overview
Tokens are credentials that allow you to connect runtime environments, configure package managers manually, and integrate external systems with Fly Registry.
Token Types
Read & Write Token
Full access to artifacts:
- Upload (publish) artifacts
- Download (pull) artifacts
- View artifact metadata
- Create releases (if uploading from external CI)
Use cases:
- Manual local development
- External CI/CD systems
- Automated deployment scripts
Read-Only Token
Limited access:
- Download (pull) artifacts only
- View artifact metadata only
- Cannot upload or modify
Use cases:
- Kubernetes environments pulling images
- Deployment environments
- External consumers of your packages
- Sharing with partners/customers
Environment-Scoped Tokens
Tokens can be associated with a specific environment. When a token is scoped to an environment, every image pull using that token is tracked against the environment, enabling Fly to show you what’s running, deployment history, and drift detection.
Environment tokens can be generated during environment creation or from the environment profile in Fly Web. See Runtime Environments → for details.
Creating Tokens
- Click your user avatar (top-right) and select Token Management
- Click Create Token
- Configure token:
- Name - Descriptive name (e.g., “k8s-production”)
- Permission - Read & Write or Read-Only
- Expiration - Date or “Never”
- Click Create
- Copy token immediately - Shown only once!
Using Tokens
After creation, the token value is shown once:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...Critical: Copy and save immediately. If lost, you must create a new token and revoke the old one.
Manual Package Manager Configuration
Use tokens to manually configure package managers:
npm
Add to .npmrc:
registry=https://<your-fly-subdomain>.jfrog.io/artifactory/api/npm/npm/
//<your-fly-subdomain>.jfrog.io/artifactory/api/npm/npm/:_authToken=<your-fly-token>pip
Add to pip.conf or use environment variable:
export PIP_INDEX_URL=https://<your-fly-username>:<your-fly-token>@<your-fly-subdomain>.jfrog.io/artifactory/api/pypi/pypi/simpleDocker
Login with token:
docker login <your-fly-subdomain>.jfrog.io/docker -u <your-fly-username> -p <your-fly-token>See Package Managers for all package managers.
Viewing Tokens
Click your user avatar (top-right) and select Token Management to see:
| Column | Description |
|---|---|
| Name | Token name |
| Username | Token-specific username for authentication |
| Permission | Read & Write or Read-Only |
| Created By | User who created the token |
| Created | Creation timestamp |
| Expires | Expiration date |
| Status | Active, Expired, or Revoked |
Revoking Tokens
Immediately invalidate a token:
- Click your user avatar (top-right) and select Token Management
- Find the token to revoke
- Click Revoke
- Confirm revocation
Effects:
- Token immediately becomes invalid
- Any systems using the token lose access
- Token cannot be unrevoked
- Token is marked as “Revoked” in the list
Permissions:
- Admins can revoke any token
- Developers can only revoke their own tokens
Deleting Tokens
Remove token from the list:
- Click your user avatar (top-right) and select Token Management
- Find an Expired or Revoked token
- Click Delete
- Confirm deletion
Note: Can only delete non-active tokens.