Prowler for Linode uses a Personal Access Token (PAT) for authentication. Prowler reads the token exclusively from the LINODE_TOKEN environment variable, so the secret is never exposed in shell history or process listings. There are no credential CLI flags.
Required Permissions
Prowler requires read-only access to your Linode account. The following OAuth scopes are needed on the Personal Access Token:
| Scope | Access | Description |
|---|---|---|
| account | Read Only | Required to list users and verify account identity |
| linodes | Read Only | Required to list instances and their configurations |
| firewall | Read Only | Required to list firewalls and their rules |
Ensure the token has all required scopes. Missing permissions will cause some checks to fail or return incomplete results.
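The scope requirements above can be checked mechanically before a scan. The following is an added example, not part of Prowler or of the original page: it audits a token's scope string against the table and reports scopes that are missing and scopes that grant more than read-only. The `name:level` string format, the `*` wildcard, the `no_access` level name and the function names are assumptions.

```python
import re

# Scopes from the "Required Permissions" table on this page.
REQUIRED = ("account", "linodes", "firewall")
# Assumed access levels, ordered weakest to strongest.
LEVELS = {"no_access": 0, "read_only": 1, "read_write": 2}


def parse_scopes(scope_string):
    """Parse 'name:level' pairs separated by spaces or commas into a dict."""
    scopes = {}
    for item in re.split(r"[\s,]+", scope_string.strip()):
        if not item:
            continue
        if item == "*":
            scopes["*"] = "read_write"  # assumed wildcard: unrestricted token
            continue
        name, sep, level = item.partition(":")
        if not sep or level not in LEVELS:
            raise ValueError(f"unrecognised scope entry: {item!r}")
        scopes[name] = level
    return scopes


def audit_token_scopes(scope_string):
    """Return (missing, excessive) relative to the read-only scopes Prowler needs."""
    scopes = parse_scopes(scope_string)
    if "*" in scopes:
        # Grants everything: nothing is missing, but far more than needed.
        return [], ["*"]
    missing = [n for n in REQUIRED
               if LEVELS[scopes.get(n, "no_access")] < LEVELS["read_only"]]
    # Required scopes may be at most read_only; every other scope should be absent.
    excessive = sorted(
        n for n, lvl in scopes.items()
        if LEVELS[lvl] > (LEVELS["read_only"] if n in REQUIRED else LEVELS["no_access"])
    )
    return missing, excessive


if __name__ == "__main__":
    # Constructed sample: firewall missing, linodes over-privileged, extra domains scope.
    sample = "account:read_only linodes:read_write domains:read_only"
    missing, excessive = audit_token_scopes(sample)
    print("missing:", missing)
    print("excessive:", excessive)
```

A token that passes returns two empty lists; anything in the second list is access the scanner does not need.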
Personal Access Token
Step 1: Create a Personal Access Token
- Log into the Linode Cloud Manager.
- Click on your username in the top-right corner, then select API Tokens under the “My Profile” section.
- Click Create a Personal Access Token.
- Configure the token:
  - Label: A descriptive name (e.g., “Prowler Security Scanner”)
  - Expiry: Set an appropriate expiration (e.g., 6 months)
  - Permissions: Set the scopes listed under Required Permissions (account, linodes, firewall) to Read Only
  - All other scopes can be set to No Access
- Click Create Token.
- Copy the token immediately — it will not be shown again.
Set the LINODE_TOKEN environment variable:
```bash
export LINODE_TOKEN="your-personal-access-token"
```
Then run Prowler:
Verifying Authentication
To verify that Prowler can connect to your Linode account, run:
```bash
prowler linode --list-checks
```
If authentication succeeds, you will see a list of available checks. If it fails, Prowler will display an error message indicating the credentials issue.
CI/CD Integration
For automated pipelines, set the token as a secret environment variable:
GitHub Actions:
```yaml
env:
  LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }}

steps:
  - name: Run Prowler
    run: prowler linode
```
GitLab CI:
```yaml
variables:
  LINODE_TOKEN: $LINODE_TOKEN

prowler_scan:
  script:
    - prowler linode
```