Feature #44063

open

Implement enforceable or automated API key rotation

Added by Marco Descher about 1 month ago. Updated about 1 month ago.

Status: New
Priority: Normal
Assignee: -
Category: Security
Target version: -
Resolution:

Description

From a security perspective, having a once-generated, eternally valid API key is a no-go.

It would be good to have an administratively settable value to request API key rotation within a certain timeframe.

This would be just the same as forcing the users to use two-factor tokens.


Related issues

Related to Redmine - Feature #43881: Strengthen API authentication: API tokens with expiration, scopes, rate limiting and audit logging (New)
