Bug 1258407

Summary: expiring service account tokens
Product: OKD
Reporter: Aleksandar Kostadinov <akostadi>
Component: Documentation
Assignee: Alex Dellapenta <adellape>
Status: CLOSED CURRENTRELEASE
QA Contact: Vikram Goyal <vigoyal>
Severity: medium
Docs Contact: Vikram Goyal <vigoyal>
Priority: high
Version: 3.x
CC: anli, aos-bugs, mmccomas, wsun
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2021-08-04 22:17:10 UTC
Type: Bug

Description Aleksandar Kostadinov 2015-08-31 10:10:21 UTC
Describe the issue: 
As a user I'd like to know how I can invalidate a service account token and then create a new one. A possible use case is when a token becomes exposed to untrusted parties and needs to be replaced.

Suggestions for improvement:
Write a section in the service account documentation with an explanation of how to manage tokens.

https://docs.openshift.com/enterprise/3.0/admin_guide/service_accounts.html

Comment 1 Alex Dellapenta 2021-08-04 22:17:10 UTC
The "Managing Service Accounts" section[1] has been added since this BZ was opened, which includes the following:

"The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret. When the secret is deleted, a new one is automatically generated to take its place."

[1] https://docs.openshift.com/container-platform/3.11/admin_guide/service_accounts.html#admin-managing-service-accounts
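
The revocation described in Comment 1, as an added example that is not part of the bug report or the OKD documentation: a script that deletes the secrets a service account references and waits until replacements are listed. It assumes a logged-in `oc` with permission to delete secrets in the namespace; the function names and the `ROTATE_TRIES` / `ROTATE_SLEEP` variables are hypothetical.

```shell
#!/bin/sh
# Added example, not from the OKD documentation: revoke and replace the
# secrets (API token, registry credentials) of one service account.
# Assumes `oc` is logged in with permission to read the service account
# and delete secrets in the namespace.

# Print the secrets the service account references, one per line, sorted.
sa_secrets() {    # usage: sa_secrets NAMESPACE SERVICEACCOUNT
    oc get serviceaccount "$2" -n "$1" -o jsonpath='{.secrets[*].name}' |
        tr ' ' '\n' | sed '/^$/d' | sort
}

# Delete every referenced secret, then wait for the replacements.
rotate_sa_secrets() {    # usage: rotate_sa_secrets NAMESPACE SERVICEACCOUNT
    ns=$1
    sa=$2
    old=$(sa_secrets "$ns" "$sa")
    [ -n "$old" ] || { echo "no secrets referenced by $sa" >&2; return 1; }
    for s in $old; do
        oc delete secret "$s" -n "$ns" >/dev/null || return 1
    done
    tries=0
    # ROTATE_TRIES and ROTATE_SLEEP are hypothetical tuning variables.
    while [ "$tries" -lt "${ROTATE_TRIES:-10}" ]; do
        new=$(sa_secrets "$ns" "$sa")
        # Done when replacements exist and no revoked name is still listed.
        if [ -n "$new" ] && ! printf '%s\n' "$new" | grep -qxF -e "$old"; then
            printf '%s\n' "$new"
            return 0
        fi
        tries=$((tries + 1))
        sleep "${ROTATE_SLEEP:-2}"
    done
    echo "revoked secrets still listed, or no replacement generated" >&2
    return 1
}

# Run only when called with both arguments, e.g.: sh rotate.sh myproject robot
if [ "$#" -eq 2 ]; then
    rotate_sa_secrets "$1" "$2"
fi
```

Pods that mounted a deleted token keep the revoked value and fail API authentication until they are restarted.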