Skip to content



The User Object controls access to the system. The user object contains a name and a password hash for validating access. Additionally, it can be used to generate time-based, function restricted tokens for use in API calls. The template provides a helper function to generate these for restricted machine access in the discovery and post-install process.

The user object is usually created with an unset password. Thus the user will have no access but still be able to access the system through constructed tokens. The cli has commands to set the password for a user.

Users keep track of who is allowed to talk to DRP, and what actions they are allowed to take in the system.

Field Description
Name A unique name for the user. It cannot be changed after the user is created.
PasswordHash The scrypt hashed version of the user's password. This field is always empty when accessed via the API. Changing the password will also rotate the Secret field.
Secret A random string used to generate and validate access tokens. Changing this field will invalidate any existing tokens, and replace secret with a new, random value.
Roles A list of role names that the user has been assigned.

In addition to the roles asigned to the user, all users also get a claim that allows them to get themself, change their passwords, and get a token for themselves.