# Kubeconfig And Clients Download Kubeconfig From Ui

In order to access your PMK clusters outside of the PMK UI, you need to have a kubeconfig file that is properly configured with either of the following as mechanisms for authenticating with your PMK cluster:

* an access token generated by PMK for your specific user account, or
* the username and password for your user account (stored in encrypted format in the file)

The `kubeconfig` file for a PMK cluster can be obtained by following these steps:

1. In the PMK UI, navigate to `API Access` menu option on the left side menu.
2. Select the desired cluster from the list of clusters under the `Download kubeconfig` section.
3. Select Token or Password as the Authentication Method and click Download Config.

The `kubeconfig` file will be downloaded in your system’s default ‘Downloads’ folder.

### Token Based kubeconfig

Token-based authentication is a more secure and recommended way of authentication for your kubeconfig.

When you select this option while downloading kubeconfig, the token field in the `kubeconfig` file is populated with the Keystone token for the currently logged in user.

Once generated, a token is valid for a 24-hour duration only.

{% hint style="info" %}
**Note**

When you use token-based authentication, the token must be regenerated every 24 hours by downloading the `kubeconfig` file through PMK.
{% endhint %}

### Password Based kubeconfig

Password-based authentication is a less secure way of authentication for your kubeconfig. When you select this option while downloading kubeconfig, the token field in the `kubeconfig` file is populated with the username and password for currently logged in user in encoded format.

The resulting kubeconfig is valid as long as the username / password are valid.