Jibril Docs

Appearance

API Token

Jibril requires a Garnet API token to operate. This page explains how to obtain and configure your token.

Get Your Token

  1. Create an account at Garnet Dashboard
  2. Navigate to Settings -> API Tokens
  3. Click Create Token button
  4. Provide the token name and select the permissions
  5. Click Create and copy the token
  6. Store the token securely

Configure the Token

Choose one of the following methods based on your deployment:

Standalone deployments
bash
export GARNET_API_TOKEN=your-token-here
Systemd deployments
bash
echo "GARNET_API_TOKEN=your-token-here" | sudo tee /etc/default/jibril
sudo chmod 600 /etc/default/jibril
Docker deployments
bash
docker run -e GARNET_API_TOKEN=your-token-here ...
Kubernetes deployments
bash
helm install jibril garnet/garnet --set garnet.token=your-token-here

Configuration File

yaml
# /etc/jibril/config.yaml
run-time:
  api:
    token: your-token-here

Secure the file after adding your token:

bash
sudo chmod 600 /etc/jibril/config.yaml
sudo chown root:root /etc/jibril/config.yaml

First Start

When Jibril starts with a valid token for the first time, it registers with the Garnet API and stores an agent-specific token at /var/lib/jibril/agent.token.

Expected log output:

log
INFO: detected runtime environment: vanilla
INFO: agent registration complete
INFO: agent kind: vanilla
INFO: token stored at: /var/lib/jibril/agent.token
Project Token vs Agent Token
  • Project Token (you configure) - Used during initial registration and stored in the configuration file (/etc/jibril/config.yaml)
  • Agent Token (auto-generated) - Used for ongoing operations and stored in /var/lib/jibril/agent.token

After initial registration, Jibril uses the agent token automatically. The project token is only needed again if you delete the agent token file or deploy to a different machine [5].

Verify Registration

bash
# Check logs for registration success
sudo journalctl -u jibril | grep "agent registration complete"

# Verify agent token file exists
sudo ls -la /var/lib/jibril/agent.token

Re-registration

To re-register an agent:

bash
sudo rm /var/lib/jibril/agent.token
sudo systemctl restart jibril
Advanced Configuration

Custom API endpoint for self-hosted Garnet installations:

yaml
run-time:
  api:
    url: https://your-garnet-instance.com/
    token: your-token-here

Or via environment variables:

bash
export GARNET_API_URL=https://your-garnet-instance.com/
export GARNET_API_TOKEN=your-token-here

Custom agent token storage path:

yaml
run-time:
  api:
    agent-token-path: /custom/path/agent.token
Security Best Practices

Do:

  • Use environment variables or secret management systems
  • Create separate tokens for each environment (dev/staging/prod)
  • Rotate tokens periodically
  • Revoke tokens immediately if compromised

Do not:

  • Commit tokens to version control
  • Share tokens across teams or projects
  • Use production tokens in development environments
  • Store tokens in unencrypted files

Next Steps