diff --git a/Makefile b/Makefile index 70dc49b..08188a4 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,8 @@ GOFMT ?= gofmt "-s" GOFILES := $(shell find . -name "*.go") LDFLAGS := -s -w VERSION="v1.0.1" -DOCKER_REPO="container.wang/app-cloudep-permission-service" +DOCKER_REPO="reg.wang/app-cloudep-permission-service" + .PHONY: test test: # 進行測試 diff --git a/build/Dockerfile b/build/Dockerfile index 72350d3..a7e6226 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -7,7 +7,6 @@ FROM golang:1.24.0 as builder ARG VERSION ARG BUILT ARG GIT_COMMIT -ARG SSH_PRV_KEY # private go packages ENV GOPRIVATE=code.30cm.net @@ -17,15 +16,12 @@ COPY . . RUN apt-get update && \ - apt-get install git + apt-get install -y git && \ + mkdir /root/.ssh # Make the root foler for our ssh -RUN mkdir -p /root/.ssh && \ - chmod 0700 /root/.ssh && \ - ssh-keyscan git.30cm.net > /root/.ssh/known_hosts && \ - echo "$SSH_PRV_KEY" > /root/.ssh/id_rsa && \ - chmod 600 /root/.ssh/id_rsa - +RUN --mount=type=secret,id=ssh_key,dst=/root/.ssh/id_rsa \ + ssh-keyscan git.30cm.net >> /root/.ssh/known_hosts RUN --mount=type=ssh go mod download diff --git a/generate/protobuf/permission.proto b/generate/protobuf/permission.proto index 5a57d4f..0c3194b 100644 --- a/generate/protobuf/permission.proto +++ b/generate/protobuf/permission.proto @@ -121,6 +121,15 @@ message Tokens{ repeated TokenResp token = 1; } +message GetSystemClaimReq{ + string access_token=1; + bool is_expired=2; +} + +message GetSystemClaimResp { + map data = 1; +} + // 跟 Token 相關的大小事,這次只回應錯誤,以及結果,不統一規範 // 錯誤碼應該在 Biz GW 在做回應,另外我這邊取名字比較通用, // access_token -> token , refresh_token -> one_time_token @@ -141,6 +150,8 @@ service TokenService { rpc GetUserTokensByDeviceID(DoTokenByDeviceIDReq) returns(Tokens); // GetUserTokensByUID 取得目前所對應的 UID 所存在的 Tokens rpc GetUserTokensByUID(QueryTokenByUIDReq) returns(Tokens); + // 取得 Claim + rpc GetSystemClaimByAccessToken(GetSystemClaimReq) returns(GetSystemClaimResp); } 
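Review bot: The `ssh-keyscan git.30cm.net >> /root/.ssh/known_hosts` step in the second build/Dockerfile hunk accepts whatever host key the network returns at build time, so the private-module fetch that follows has no real host authentication. Copying in a host key that was verified out of band, e.g. `COPY <path-to-pinned-known_hosts> /root/.ssh/known_hosts` (placeholder path), would close that gap. The `--mount=type=secret,id=ssh_key,dst=/root/.ssh/id_rsa` on the same RUN exists only for that one instruction, which never reads the key, while `go mod download` uses `--mount=type=ssh`. The secret mount therefore looks unused and could be dropped or moved to the step that needs it. `mkdir /root/.ssh` also loses the `chmod 0700` that the removed lines applied.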
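Review bot: `is_expired` in the new `GetSystemClaimReq` message has no comment, yet the handler in internal/logic/tokenservice/get_system_claim_by_access_token_logic.go forwards it unchanged as the third argument of `ParseSystemClaimsByAccessToken`. Its meaning therefore decides whether a caller can obtain claims from a token that is past its expiry. If true means "accept expired tokens" (inferred from the name; the parser is not shown), that decision is left to every client of the RPC. A field comment such as `// is_expired: when true, claims are returned even if the token has expired; the result is not proof of a live session` would make the contract explicit. A name like `allow_expired` would read less like a statement about the token itself.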
diff --git a/internal/logic/tokenservice/get_system_claim_by_access_token_logic.go b/internal/logic/tokenservice/get_system_claim_by_access_token_logic.go
new file mode 100644
index 0000000..74f1b3a
--- /dev/null
+++ b/internal/logic/tokenservice/get_system_claim_by_access_token_logic.go
@@ -0,0 +1,36 @@
+package tokenservicelogic
+
+import (
+ "context"
+
+ "code.30cm.net/digimon/app-cloudep-permission-server/gen_result/pb/permission"
+ "code.30cm.net/digimon/app-cloudep-permission-server/internal/svc"
+
+ "github.com/zeromicro/go-zero/core/logx"
+)
+
+type GetSystemClaimByAccessTokenLogic struct {
+ ctx context.Context
+ svcCtx *svc.ServiceContext
+ logx.Logger
+}
+
+func NewGetSystemClaimByAccessTokenLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetSystemClaimByAccessTokenLogic {
+ return &GetSystemClaimByAccessTokenLogic{
+ ctx: ctx,
+ svcCtx: svcCtx,
+ Logger: logx.WithContext(ctx),
+ }
+}
+
+// GetSystemClaimByAccessToken 取得 Claim
+func (l *GetSystemClaimByAccessTokenLogic) GetSystemClaimByAccessToken(in *permission.GetSystemClaimReq) (*permission.GetSystemClaimResp, error) {
+ claim, err := l.svcCtx.TokenUseCase.ParseSystemClaimsByAccessToken(in.GetAccessToken(), l.svcCtx.Config.Token.Secret, in.GetIsExpired())
+ if err != nil {
+ return nil, err
+ }
+
+ return &permission.GetSystemClaimResp{
+ Data: claim,
+ }, nil
+}
diff --git a/internal/server/tokenservice/token_service_server.go b/internal/server/tokenservice/token_service_server.go
index 6197cf3..319ab9c 100644
--- a/internal/server/tokenservice/token_service_server.go
+++ b/internal/server/tokenservice/token_service_server.go
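Review bot: The error branch of `GetSystemClaimByAccessToken` returns `err` without touching the embedded `logx.Logger`, so a rejected or malformed token leaves no record in this service unless the use case logs it itself (not visible in this file). Adding `l.Errorf("parse system claims by access token: %v", err)` before `return nil, err` would let repeated bad-token lookups show up in the service log. The token value itself should stay out of the message.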
@@ -70,3 +70,9 @@ func (s *TokenServiceServer) GetUserTokensByUID(ctx context.Context, in *permiss l := tokenservicelogic.NewGetUserTokensByUIDLogic(ctx, s.svcCtx) return l.GetUserTokensByUID(in) } + +// 取得 Claim +func (s *TokenServiceServer) GetSystemClaimByAccessToken(ctx context.Context, in *permission.GetSystemClaimReq) (*permission.GetSystemClaimResp, error) { + l := tokenservicelogic.NewGetSystemClaimByAccessTokenLogic(ctx, s.svcCtx) + return l.GetSystemClaimByAccessToken(in) +} diff --git a/pkg/usecase/additional.go b/pkg/usecase/additional.go index 722ff28..624b43e 100644 --- a/pkg/usecase/additional.go +++ b/pkg/usecase/additional.go @@ -18,7 +18,7 @@ func (use *additional) Set(key token.Additional, val string) { if use.additional == nil { use.additional = make(map[string]string) } - + use.additional[key.String()] = val } diff --git a/pkg/usecase/token.go b/pkg/usecase/token.go index c4c581c..af94e45 100644 --- a/pkg/usecase/token.go +++ b/pkg/usecase/token.go @@ -452,6 +452,11 @@ func (use *TokenUseCase) newToken(ctx context.Context, req *usecase.GenerateToke } // 故意 data 裡面不會有那些已經有的欄位資訊 data := NewAdditional(req.Data) + initData := make(map[string]string, 0) + for k, v := range req.Data { + initData[k] = v + } + data.Set(dt.ID, token.ID) data.Set(dt.Role, req.Role) data.Set(dt.Scope, req.Scope)
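Review bot: In the pkg/usecase/token.go hunk, `initData` is filled from `req.Data` but nothing in the visible lines reads it, and `NewAdditional` on the line above still receives `req.Data` itself. If the copy is meant to keep the following `data.Set(dt.ID, …)`, `data.Set(dt.Role, …)` and `data.Set(dt.Scope, …)` calls from writing into the caller's map, it has to be built first and passed in, e.g. `data := NewAdditional(maps.Clone(req.Data))` with the `maps` import added. Whether `NewAdditional` already copies its argument is not shown, so confirm that before choosing. If the loop stays, `make(map[string]string, len(req.Data))` sizes the map correctly instead of the `0` hint. `newToken` continues outside the hunk, so a later use of `initData` cannot be ruled out from here.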