Actions
Feature #44063
open
Implement enforcable or automated api key rotation
Status:
New
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Resolution:
Description
From a security perspective, having a once generated, eternally valid, apikey is a no-go.
It would ge good, to have an administrative setable value to request apikey rotation within
a certain timeframe.
This would be just the same like forcing the users to use two-factor tokens.
Related issues
Updated by Marco Descher about 1 month ago
Related: https://www.redmine.org/issues/44063
Updated by Marco Descher about 1 month ago
Possible duplicate of https://www.redmine.org/issues/43881
Updated by Marius BÄ‚LTEANU 14 days ago
- Related to Feature #43881: Strengthen API authentication: API tokens with expiration, scopes, rate limiting and audit logging added
Actions