
Advanced Programmatic Provisioning

Remote management in Package Manager requires authentication, which can be challenging if you are automatically provisioning the server or do not have direct server access. To solve this, admins can generate an admin-scoped authentication token remotely through server configuration.

Admin Token Generation Steps

Follow these steps to provision an admin token using the command-line interface (CLI). If the address is unavailable from the CLI, follow the Browser steps below.

  1. Download the rspm CLI tool to an environment that has network access to the Package Manager server. To install the standalone tool, follow the steps in the standalone CLI documentation section.

  2. Next, generate a keypair that will be used for token generation:

    Terminal
    $ rspm bootstrap keys
    << The PPM private key has been written to ~/.ppm/keys/private.key.
    << Paste this key without newlines or spaces in your PPM config or set the
    << PACKAGEMANAGER_BOOTSTRAP_PUBLICKEY environment variable:
    
    << [Base64EncodedPublicKey]
    

    rspm bootstrap keys generates an RSA private key with 2048 bits. Encryption is performed using the RSA-OAEP algorithm with SHA-256 as the hash function. Signing is performed using the RSA-PSS algorithm with SHA-256 as the hash function.

  3. Update the server configuration or set the PACKAGEMANAGER_BOOTSTRAP_PUBLICKEY environment variable:

    /etc/rstudio-pm/rstudio-pm.gcfg
    [Bootstrap]
    PublicKey = [Base64EncodedPublicKey]
    
  4. Start or restart the server with the updated configuration.

  5. If the server is accessible, generate an admin-scoped authentication token from the CLI:

    Terminal
    $ export PACKAGEMANAGER_ADDRESS=[Address]
    $ rspm bootstrap token
    << Your access token is [Token]
    
    << Set the environment variables 'PACKAGEMANAGER_TOKEN=[Token]' to configure your environment for using the rspm CLI.
    
  6. Otherwise, generate a signature:

    Terminal
    $ rspm bootstrap signature
    << The signature is:
    
    << [Signature]
    

    Then navigate to the /client/#/settings/bootstrap/ endpoint and paste the signature to generate an admin-scoped authentication token.
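The following pre-flight check for steps 2 to 4 is an added example, not part of the Package Manager documentation or the rspm CLI. It confirms that the `PublicKey` value under `[Bootstrap]` is one unbroken Base64 string identical to the key printed by `rspm bootstrap keys`, and that the private key file is readable only by its owner. The function names, the standard Base64 alphabet, the owner-only permission requirement, and the sample key value are assumptions of this example.

```bash
#!/bin/sh
# Added example: checks to run before restarting the server in step 4.

# Print the raw PublicKey value from the [Bootstrap] section of a gcfg file.
bootstrap_pubkey() {
  awk '
    /^[ \t]*\[/ { insec = (tolower($0) ~ /^[ \t]*\[bootstrap\]/); next }
    insec && tolower($0) ~ /^[ \t]*publickey[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
    }' "$1"
}

# $1 = gcfg file, $2 = key string printed by `rspm bootstrap keys`.
# Returns 0 = match, 1 = key missing, 2 = spaces/stray characters, 3 = differs.
check_bootstrap_pubkey() {
  ppm_key=$(bootstrap_pubkey "$1")
  case $ppm_key in
    '') echo "no PublicKey under [Bootstrap] in $1" >&2; return 1 ;;
    *[!A-Za-z0-9+/=]*) echo "PublicKey has spaces or non-Base64 characters" >&2; return 2 ;;
  esac
  [ "$ppm_key" = "$2" ] || { echo "PublicKey differs from generated key (wrapped or truncated?)" >&2; return 3; }
}

# Returns 0 = owner-only, 1 = file missing, 2 = group/other permission bits set.
# Owner-only access is a hygiene assumption of this example, not a documented requirement.
check_private_key_perms() {
  [ -f "$1" ] || { echo "private key not found: $1" >&2; return 1; }
  ppm_bits=$(ls -ld "$1" | cut -c5-10)    # group + other permission bits
  [ "$ppm_bits" = "------" ] || { echo "$1 is accessible beyond its owner" >&2; return 2; }
}

# Demo on constructed files; the key value is a made-up placeholder, not a real key.
demo_dir=$(mktemp -d)
demo_key='Q09OU1RSVUNURUQ='
printf '[Bootstrap]\nPublicKey = %s\n' "$demo_key" > "$demo_dir/rstudio-pm.gcfg"
: > "$demo_dir/private.key"; chmod 600 "$demo_dir/private.key"
check_bootstrap_pubkey "$demo_dir/rstudio-pm.gcfg" "$demo_key" && echo "config: PublicKey OK"
check_private_key_perms "$demo_dir/private.key" && echo "key file: owner-only"
rm -rf "$demo_dir"
```

In a provisioning pipeline, point the first function at `/etc/rstudio-pm/rstudio-pm.gcfg` and the second at `~/.ppm/keys/private.key`, and stop before the restart if either returns non-zero.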