Table of Contents

To simplify management process and reduce complex permission system between users and available projects, Reposilite does not define such entities. The only source of truth is personal access token with associated metadata.
The generalized token structure is presented below:
Access Token {
  Identifier {                # Unique identifier of each token
    Id,                       # Numeric value
    Type                      # Type of token, enum: PERSISTENT, TEMPORARY
  Name                        # Token name
  Secret                      # Encrypted secret using BCrypt function
  Created At                  # Creation date
  Description                 # Token description
  Permissions [               # List of access token permissions
    Access Token Permission   # Enum: MANAGER (m)
  Routes [                    # List of routes associated with access token
    Route {
      Path                    # Path identifier
      Route Permission        # Enum: READ (r), WRITE (w)
This guide covers only raw access token, that by default, does not have access to any path in any repository. When you'll generate your tokens, go to to learn more about paths management.

MANAGERmMarks token as manager's (admin) token, grants full access to any path in the repository and allows you to access remote CLI through the dashboard

You can generate command via CLI (in terminal or web console):
$ token-generate [--secret=<secret>] <name> [<permissions>]
secret is optional and it's recommended to let Reposilite generate strong password, but it might be useful for some people that want to migrate from Reposilite 2.x or other repository manager.
permissions is optional list of token permissions. Currently, you can define only one, which is management permission. You have to use permissions shortcuts.

For bootstrapping your permissions setup, or fixing a broken one, you may have to use a temporary manager token. Via the --token root:root-secret command line parameter to your Reposilite instance, you can create a manager token named root with the secret root-secret. This token will not be persisted in the database and cease to exist if the Reposilite process is restarted without the command line option.

If you're confused about your first auth configuration, you may find this video helpful:

Reposilite allows you to export your tokens to JSON file, so you can backup them or exchange between instances. You can do this using token-export <file> and token-import <file> commands as follows:
$ token-export tokens.json
3 token(s) found.
All tokens have been exported to $working-directory/tokens.json in JSON format.
By default Reposilite puts the file in your working directory, but you can also specify an absolute path. To import such JSON file, just specify it in the import command:
$ token-import tokens.json
Importing 3 token(s) from $working-directory/tokens.json file:
Access token 'token-0' has been imported.
Access token 'token-1' has been imported.
Access token 'token-2' has been imported.

Commands related to tokens you may find useful:
$ tokens
14:13:41.456 INFO | Tokens (1)
14:13:41.456 INFO | - root:
14:13:41.456 INFO |   > ~ no routes ~

$ token-revoke root
14:20:03.834 INFO | Token for 'root' has been revoked

$ token-rename root super-user
14:28:47.502 INFO | Token name has been changed from 'root' to 'super-user'

$ token-modify super-user m
14:30:26.320 INFO | Permissions have been changed from '[]' to 'm'

$ token-regenerate super-user
16:49:45.211 INFO | New secret for 'test': 4n1NAKgAuzqdZ+mS/OIhqdpqjTyjI78OkgC/Yym5+3vGoXaefYQ2DKqK14c80xNl

Did you find misleading or deprecated content? Maybe you just feel this section misses important elements?


Copyright © 2023 dzikoysk with ❤ panda-lang