Cloudflare API Token Generator

---

A simple CLI tool for generating Cloudflare API tokens for use by tools, such as Traefik, Caddy, or Certbot

Table of Contents

• Quick Start
• Installation
  • Release Binaries
  • Source
• Usage
  • Overview
  • Configuration
    • Configuration File
    • Environment Variables
    • CLI Flags
• Contributing

Quick Start

1. Install goGenerateCFToken

2. Create a Master API Token

   1. Go to your Cloudflare Dashboard
   2. Create a token with following permissions:
   • Zone > Zone > Read
   • User > API Tokens > Edit
   • Include > Specific Zone > example.com
   3. Save/copy the token

3. Setup the Configuration File

   • Download the configuration file template to $HOME/.goGenerateCFToken/config.yaml:

     • Windows

       New-Item -ItemType Directory -Path $HOME\.goGenerateCFToken -Force; iwr -Uri https://github.com/nicholas-fedor/   goGenerateCFToken/raw/main/config.yaml.template -OutFile $HOME\.goGenerateCFToken\config.yaml

     • Linux

       mkdir -p $HOME/.goGenerateCFToken && curl -L https://github.com/nicholas-fedor/goGenerateCFToken/raw/main/config.   yaml.template -o $HOME/.goGenerateCFToken/config.yaml

     • macOS

       mkdir -p $HOME/.goGenerateCFToken && curl -L https://github.com/nicholas-fedor/goGenerateCFToken/raw/main/config.   yaml.template -o $HOME/.goGenerateCFToken/config.yaml

   • Edit $HOME/.goGenerateCFToken/config.yaml to add your master API token and zone:

   api_token: "your-master-api-token"
   zone: "example.com"

4. Generate a Test Token

   goGenerateCFToken generate test

   Expected Output:

   Generating API token: test.example.com
   yoursuperlongandsecretserviceapitoken

Installation

Release Binaries

Download and install the latest binary for your platform from the releases page.

The following are CLI scripts for installing to the user's go/bin directory:

• Windows (amd64):

  New-Item -ItemType Directory -Path $HOME\go\bin -Force | Out-Null; iwr (iwr https://api.github.com/repos/nicholas-fedor/goGenerateCFToken/releases/latest | ConvertFrom-Json).assets.where({$_.name -like "*windows_amd64*.zip"}).browser_download_url -OutFile goGenerateCFToken.zip; Add-Type -AssemblyName System.IO.Compression.FileSystem; ($z=[System.IO.Compression.ZipFile]::OpenRead("$PWD\goGenerateCFToken.zip")).Entries | ? {$_.Name -eq 'goGenerateCFToken.exe'} | % {[System.IO.Compression.ZipFileExtensions]::ExtractToFile($_, "$HOME\go\bin\$($_.Name)", $true)}; $z.Dispose(); rm goGenerateCFToken.zip; if (Test-Path "$HOME\go\bin\goGenerateCFToken.exe") { Write-Host "Successfully installed goGenerateCFToken.exe to $HOME\go\bin" } else { Write-Host "Failed to install goGenerateCFToken.exe" }

• Linux (amd64):

  mkdir -p $HOME/go/bin && curl -L $(curl -s https://api.github.com/repos/nicholas-fedor/goGenerateCFToken/releases/latest | grep -o 'https://[^"]*linux_amd64[^"]*\.tar\.gz') | tar -xz --strip-components=1 -C $HOME/go/bin goGenerateCFToken

• macOS (amd64):

  mkdir -p $HOME/go/bin && curl -L $(curl -s https://api.github.com/repos/nicholas-fedor/goGenerateCFToken/releases/latest | grep -o 'https://[^"]*darwin_amd64[^"]*\.tar\.gz') | tar -xz --strip-components=1 -C $HOME/go/bin goGenerateCFToken

Source

go install github.com/nicholas-fedor/gogeneratecftoken@latest

Usage

Overview

Invoke the program and use the generate command with a subdomain as the argument to generate a Cloudflare API token.

The token will be named using the subdomain.domain.tld convention.

goGenerateCFToken generate [SUBDOMAIN] [FLAGS]

Flags	Input Type	Description
--config	String	Specify a configuration file location
-t, --token	String	Specify a Cloudflare API master token
-z, --zone	String	Specify a domain name, i.e. example.com
-h, --help	None	Show the help information for the command

Warning

The Cloudflare API token will only be shown via the standard output. Remember to save it in a secure location!

Configuration

In order to generate Cloudflare API tokens, the program requires the following:

• A master API token with the permissions to generate additional Cloudflare API tokens
• A zone (i.e. example.com)
• A sudomain (i.e. "test" from test.example.com)

goGenerateCFToken uses Cobra and Viper to enable configuration functionality.

Configuration File

Default Location: $HOME/.goGenerateCFToken/config.yaml

Example:

# goGenerateCFToken Configuration File
# https://github.com/nicholas-fedor/goGenerateCFToken

# https://dash.cloudflare.com/profile/api-tokens
# Token Name: [Add your token name here for reference]
# Permissions: Zone: Read & API Tokens: Edit
api_token: "your-cloudflare-api-token-here"
zone: "example.com"

Note

If using a custom configuration file location, then specify the location using the --config flag. Example:

goGenerateCFToken [SUBDOMAIN] --config [PATH]

Environment Variables

If no config file is found or specified, then the program falls back to environment variables.

export CF_API_TOKEN="your-master-api-token"
export CF_ZONE="example.com"

CLI Flags

You can use CLI flags directly instead of using a configuration file or setting environment variables.

• t, --token: Specify a master API token that has the permissions for creating additional tokens.
• -z, --zone : Specify a specific zone, i.e. example.com

Contributing

Contributions to this project are welcomed. Please see the contributing documentation for more information.