System provisioning

After the initial setup, system provisioning can be performed via SSH. This process includes creating a GUI/REST administrator account and generating a REST API authentication token (e.g., a JWT). An authentication token is required to access the REST API. Once the token has been created, the same deployment pipeline can continue provisioning the system through REST API calls, enabling seamless integration into fully automated deployment workflows.

Obtaining a REST API Token via CLI

  1. If not configured during installation, create an administrator account including password setting, role assignment and corresponding JWT creation:
  2.  
    Terminal box
    # execute and immediately save the following changes:
# create “admin” user, set an initial password,
# assign the built-in role airlock-administrator,
# and create a JWT that reflects these user settings
airlock-user-manager-tool --set \
  --user admin \
  --password '<initial-password>' \
  --role airlock-administrator \
  --jwt
  3.  
    Notice

    For unattended installations, we recommend omitting the alinst.adminpw= kernel parameter to avoid plain-text secrets in PXE/TFTP. The command above sets the password only after the system is online and the channel is protected by SSH.

  4. Retrieve the JWT for REST automation in JSON format for the admin user:
  5.  
    Terminal box
    # print a JSON object that contains the admin user
# and its newly issued access token (JWT)
airlock-user-manager-tool --user <username> --json --jwt
  6. Example output:
  7.  
    Example
    {
  "admin": {
      "password": "enabled",
      "roles": "airlock-administrator",
      "token": "eyJlbmMiOiJBMjU2…DCN02PgU9fg1M",
      "tokenExpired": "false",
      "readPaths": ".*",
      "writePaths": ".*"
  }
}

Obtaining a REST API Token via the GUI

For manual installations, an API key can also be created in the Configuration Center:

  1. Go to:
    System Setup >> System Admin
  2. In the API Keys section, create an API key.

Establishing REST API Access

Use the generated key as Bearer token in the Authorization header of all REST calls:

 
Terminal box
Authorization: Bearer <token>

Access URL for Airlock Gateway: https://<airlock>:8443/

Note: REST API tokens are valid for up to 2 years.

With the token in place, the deployment pipeline (Ansible, GitLab CI, etc.) finishes post-installation tasks, e.g.:

  • importing a baseline configuration
  • creating tenant users and JWTs
  • enabling maintenance mode on back-ends