Knowledge
Search knowledge... ⌘K
Knowledge · Guidelines · docker
Sa Token Injection
Per-app SA token setup via Dokploy env vars
Metadata
docker docker mandatory
Procedures
Showing 3 of 4
- 1 Identify application's vault tier
Check the server model YAML for vault bindings to determine whether the application uses admin or readonly SA token tier
# In server model (e.g., .sbx/workspace/infrastructure/servers/vps-01.yml) vault: bindings: - tier: admin apps: [dokploy, postgres] - tier: readonly apps: [sbx-api, shredbx-api, bestays-api] - 2 Retrieve SA token
Use the vault status API or 1Password CLI to get the SA token for the application's assigned tier
# Via 1Password CLI op item get "SA Token - Readonly" --vault "Infrastructure" --field credential # Via server bootstrap API (if available) curl https://api.shredbx.com/api/infrastructure/servers/vps-01/vault/status
- 3 Set env var on compose project
Use compose.update API to add OP_SERVICE_ACCOUNT_TOKEN=<token> to the env string for the compose project
curl -X POST https://dokploy.shredbx.com/api/compose.update \ -H "Authorization: Bearer $DOKPLOY_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "composeId": "<compose-id>", "env": "OP_SERVICE_ACCOUNT_TOKEN=ops_eyJ...\nNODE_ENV=production" }'
Tools
- 1Password CLI
- Dokploy API