--- title: "Linode Authentication in Prowler" --- import { VersionBadge } from "/snippets/version-badge.mdx" Prowler for Linode uses a **Personal Access Token** (PAT) for authentication. Prowler reads the token **exclusively** from the `LINODE_TOKEN` environment variable, so the secret is never exposed in shell history or process listings. There are no credential CLI flags. ## Required Permissions Prowler requires read-only access to your Linode account. The following OAuth scopes are needed on the Personal Access Token: | Scope | Access | Description | |-------|--------|-------------| | `account` | `Read Only` | Required to list users and verify account identity | | `linodes` | `Read Only` | Required to list instances and their configurations | | `firewall` | `Read Only` | Required to list firewalls and their rules | Ensure the token has all required scopes. Missing permissions will cause some checks to fail or return incomplete results. --- ## Personal Access Token ### Step 1: Create a Personal Access Token 1. Log into the [Linode Cloud Manager](https://cloud.linode.com). 2. Click on your username in the top-right corner, then select **API Tokens** under the "My Profile" section. 3. Click **Create a Personal Access Token**. 4. Configure the token: - **Label:** A descriptive name (e.g., "Prowler Security Scanner") - **Expiry:** Set an appropriate expiration (e.g., 6 months) - **Permissions:** Set the following scopes to **Read Only**: - Account - Linodes - Firewall - All other scopes can be set to **No Access** 5. Click **Create Token**. 6. Copy the token immediately — it will not be shown again. ### Step 2: Configure Authentication Set the `LINODE_TOKEN` environment variable: ```bash export LINODE_TOKEN="your-personal-access-token" ``` Then run Prowler: ```bash prowler linode ``` --- ## Verifying Authentication To verify that Prowler can connect to your Linode account, run: ```bash prowler linode --list-checks ``` If authentication succeeds, you will see a list of available checks. If it fails, Prowler will display an error message indicating the credentials issue. --- ## CI/CD Integration For automated pipelines, set the token as a secret environment variable: **GitHub Actions:** ```yaml env: LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }} steps: - name: Run Prowler run: prowler linode ``` **GitLab CI:** ```yaml variables: LINODE_TOKEN: $LINODE_TOKEN prowler_scan: script: - prowler linode ```