Hi @KerwinKoo. I would probably recommend you do the following;
- make a new identity that's an administrator:

  ```
  ziti edge create identity myadmin --admin -o myadmin.jwt
  ```

- enroll the identity so that it generates a key and cert:

  ```
  ziti edge enroll myadmin.jwt
  ```

- use the ziti cli to unwrap that identity to get discrete key/cert/ca files;

  ```
  ziti ops unwrap myadmin.json
  ```

- the files come with file mode 000 on them so make them usable by your user

  ```
  chmod 700 myadmin.*
  ```

- use those unwrapped files for connections - for example with curl:

  ```
  curl -s \
    --cert myadmin.cert \
    --key myadmin.key \
    --cacert myadmin.ca \
    -X POST "https://localhost:8441/edge/management/v1/authenticate?method=cert" \
    | jq -r .data.token
  ```

- use the token that comes back in subsequent requests along with the cert/key/ca

  ```
  token="39734f04-9687-48de-acff-6663d31dc122"
  curl -s \
    --cert myadmin.cert \
    --key myadmin.key \
    --cacert myadmin.ca \
    -H "zt-session:$token" \
    -X GET https://localhost:8441/edge/management/v1/identities \
    | jq '.data[]'
  ```

That give you enough to go on? I think it should but if not let me know...
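
The same certificate-then-session-token flow as a script, added here as an example and not part of the original post or of the project's own code. It assumes the unwrapped `myadmin.cert`/`myadmin.key`/`myadmin.ca` files and the controller URL from the post; the function names are hypothetical, and it refuses to load a private key that group or other users can access.

```python
import json
import os
import ssl
import stat
import urllib.request

BASE = "https://localhost:8441/edge/management/v1"  # controller URL used in the post

def key_is_private(path):
    # True when the key file grants no access to group or others.
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def tls_context(cert, key, ca):
    # Client-certificate context that trusts only the unwrapped CA bundle.
    if not key_is_private(key):
        raise PermissionError(f"{key} is accessible to group/others")
    ctx = ssl.create_default_context(cafile=ca)
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    return ctx

def auth_request(base=BASE):
    # Body-less POST, like `curl -X POST` in the post.
    return urllib.request.Request(f"{base}/authenticate?method=cert", method="POST")

def extract_token(body):
    # Same field the post reads with `jq -r .data.token`.
    token = (json.loads(body).get("data") or {}).get("token")
    if not token:
        raise ValueError("no session token in authenticate response")
    return token

def identities_request(token, base=BASE):
    # The session token travels in the zt-session header on later requests.
    return urllib.request.Request(f"{base}/identities", headers={"zt-session": token})

def send(req, ctx):
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read()

if __name__ == "__main__":
    ctx = tls_context("myadmin.cert", "myadmin.key", "myadmin.ca")
    token = extract_token(send(auth_request(), ctx))
    for ident in json.loads(send(identities_request(token), ctx))["data"]:
        print(json.dumps(ident, indent=2))
```

Both requests go through the same TLS context, so the client certificate is presented alongside the session token on every call.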