DigitalOcean CLI (doctl)

doctl is the official DigitalOcean command line interface (CLI). It allows you to interact with the DigitalOcean API via the command line.

You should create a dedicated user for the doctl application, so that it can securely store the Personal Access Token for the DigitalOcean API. You can then access the privileged doctl command from your normal workstation account via sudo.

Create doctl user

[bash]: Run this on your workstation:
sudo useradd -s /bin/bash -m doctl

Install doctl client

Following the doctl install guide, install the doctl client directly in the home directory of the doctl user:

[bash]: Run this on your workstation:
DOCTL_VERSION=1.104.0
DOCTL_PLATFORM=linux-amd64
(set -e
sudo curl -L -O --output-dir /usr/local/src https://github.com/digitalocean/doctl/releases/download/v${DOCTL_VERSION}/doctl-${DOCTL_VERSION}-${DOCTL_PLATFORM}.tar.gz
sudo tar -C ~doctl/ -x -f /usr/local/src/doctl-${DOCTL_VERSION}-${DOCTL_PLATFORM}.tar.gz
sudo ~doctl/doctl completion bash | sudo tee /etc/profile.d/doctl_completion.sh
)

Create app alias for normal user account

In your normal workstation account, create this alias in your ~/.bashrc (or ~/.bashrc.local) to make it more convenient to run doctl via sudo:

Edit this file: ~/.bashrc
## DigitalOcean client (dotcl):
DOCTL_SUDO="sudo -u doctl"
if command -v host-spawn >/dev/null; then
    if [ -n "${TOOLBOX_CONTAINER}" ]; then
        DOCTL_HOME=$(host-spawn getent passwd doctl | cut -d: -f6)
        DOCTL_SUDO="host-spawn ${DOCTL_SUDO}"
    else
        DOCTL_HOME=~doctl
    fi
else
    DOCTL_HOME=~doctl
fi
alias doctl="${DOCTL_SUDO} ${DOCTL_HOME}/doctl"
## Bash completion for dotcl:
BASH_COMPLETION=/etc/profile.d/bash_completion.sh
DOCTL_COMPLETION=/etc/profile.d/doctl_completion.sh
test -f ${BASH_COMPLETION} && source ${BASH_COMPLETION}
test -f ${DOCTL_COMPLETION} && source ${DOCTL_COMPLETION}

Restart your terminal, and you can now use doctl from your normal account.

Create a Personal Access Token

Read the offical documentation for creating tokens

Tokens allow programmatic access to the resources owned by a single Team.

  • Create a new Team, or choose an existing one. (If the domain name, or another resource you want to use, is already controlled by an existing team, choose that team).
  • Create the new token for the team.
  • Decide what scopes you want to allow the doctl user to access, or choose Full Access.
  • Copy the token string to the clipboard.

Register the client using the token, choose any context name (but it should reference your team name and/or role somehow):

[bash]: Run this on your workstation:
DOCTL_CONTEXT=my_team
doctl auth init --context "${DOCTL_CONTEXT}"

Use the doctl client

Read the Self-hosting Docker book and setup a Docker server on DigitalOcean, using doctl.

Read the doctl command reference.