Bug 1258407 - expiring service account tokens
Summary: expiring service account tokens
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OKD
Classification: Red Hat
Component: Documentation
Version: 3.x
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: ---
Assignee: Alex Dellapenta
QA Contact: Vikram Goyal
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-31 10:10 UTC by Aleksandar Kostadinov
Modified: 2021-08-04 22:17 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-08-04 22:17:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Aleksandar Kostadinov 2015-08-31 10:10:21 UTC 
Describe the issue: 
As a user I'd like to know how can I invalidate a service account token and then create a new one. Possible use case is when token becomes exposed to untrusted parties and needs to be replaced

Suggestions for improvement:
Write a section in the service account documentation with explanation how to manage tokens.

https://docs.openshift.com/enterprise/3.0/admin_guide/service_accounts.html
Comment 1 Alex Dellapenta 2021-08-04 22:17:10 UTC 
The "Managing Service Accounts" section[1] has been added since this BZ was opened, which includes the following:

"The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret. When the secret is deleted, a new one is automatically generated to take its place."

[1] https://docs.openshift.com/container-platform/3.11/admin_guide/service_accounts.html#admin-managing-service-accounts
Note You need to log in before you can comment on or make changes to this bug.