Identities

Pebble has the concept of named “identities”, which lets administrators manage users’ access to the API.

Each identity has a name, an access level, and an authentication type with type-specific configuration. Admins use the identities CLI commands to manage identities, and the identity configuration is persisted to disk.

The identity configuration must be provided to Pebble, and is read from Pebble, in the following YAML format:

identities:
    <name>:
        # (Required) Access level of this identity. Possible values are:
        #
        # - untrusted: has access only to untrusted or "open" endpoints
        # - read: has access to read or "user" endpoints
        # - admin: has access to all endpoints
        access: untrusted | read | admin

        # Configure local, peer credential-based authentication.
        #
        # Currently the only suported authentication type is "local". Other
        # types may be added in future, at which point you may configure an
        # identity with one or more authentication types.
        local:
            # (Required) Peer credential UID.
            user-id: <uid>

For example, a local identity named “bob” with UID 42 that is granted admin access would be defined as follows:

identities:
    bob:
        access: admin
        local:
            user-id: 42