Actions
Feature #44063
open
Implement enforcable or automated api key rotation
Status:
New
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Resolution:
Description
From a security perspective, having a once generated, eternally valid, apikey is a no-go.
It would ge good, to have an administrative setable value to request apikey rotation within
a certain timeframe.
This would be just the same like forcing the users to use two-factor tokens.
Updated by Marco Descher about 4 hours ago
Related: https://www.redmine.org/issues/44063
Updated by Marco Descher about 4 hours ago
Possible duplicate of https://www.redmine.org/issues/43881
Actions