pbs_token_create
Create an API token for a PBS user. Confirm execution to obtain the secret key, which is returned only once.
Instructions
MUTATION (MEDIUM): create an API token for a PBS user.
Dry-run by default. PBS has NO privsep concept (unlike PVE) — the new token has NO privileges until an ACL entry grants it some (pbs_acl_update with auth_id='{userid}!{token_name}'). confirm=True executes and returns a dict whose result carries the token secret (value) ONCE — it is never written to the audit ledger and cannot be retrieved again (only regenerated via pbs_token_update, which invalidates it). Synchronous. Use pbs_user_tokens_list to see a user's existing tokens, or pbs_token_delete to remove one. Needs PROXIMO_PBS_* config.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| digest | No | Optional SHA256 config digest to prevent concurrent modifications. | |
| enable | No | Whether the token is usable immediately; None defers to PBS's default (enabled). | |
| expire | No | Optional token expiry as a Unix timestamp; None/0 means no expiry. | |
| userid | Yes | Owning PBS user, format 'user@realm'. | |
| comment | No | Optional free-text comment describing the token's purpose. | |
| confirm | No | False (default) returns a dry-run PLAN preview; True executes the mutation. | |
| token_name | Yes | Name for the new API token, unique per user. | |
| proximo_target | No | Which configured Proxmox target to run this call against — a target name from your multi-target config (a specific PVE/PBS/PMG/PDM box). Omit to use the single/default target from the environment; the selection applies only to this call. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |