Finding the SAS Viya 4 Consul Token

When you are working with the SAS® Viya® REST APIs you need to do a one-off registration process for your client using the Consul Token.

The SAS documentation for SAS REST APIs: Authentication & Authorization: Registering clients explains how to get access to the Consul client.token by looking in the file system at /opt/sas/viya/config/etc/SASSecurityCertificateFramework/tokens/consul/default/client.token

Now, SAS Viya 4 is based on Kubernetes and has lots of pods each with their own file system, so I was wondering where I’d locate this file. I started looking in the sas-login-app pod but didn’t find it there. Next stop was one of the sas-consul-server pods and that was where I found it (makes sense really, I should have started there!).

Now I know where to find it, in future I will use the following kubectl command to quickly print out the Consul client.token when I need it:

kubectl exec -q -n sasviyadev sas-consul-server-0 -c sas-consul-server -- cat /opt/sas/viya/config/etc/SASSecurityCertificateFramework/tokens/consul/default/client.token

… replacing sasviyadev with the name of the namespace in which SAS Viya 4 has been deployed.

After discovering the consul token using the method above I subsequently found a documented method in the SAS Viya Administration: Authentication: Additional Authentication Topics: Register a New Client ID

kubectl -n sasviyadev get secret sas-consul-client -o go-template='{{(index .data "CONSUL_HTTP_TOKEN")}}'| base64 -d

… so now I know two ways!

If you have any other helpful tips for locating the SAS Viya 4 Consul token please leave a comment below.