Service token self-roll
#1108
Replies: 1 comment 1 reply
-
|
Hi @sandstrom, We are actually upgrading the service token authentication method right now to service token V3 (ST V3); this is still underway but and will definitely take this into account. Will keep the thought process posted in this discussion |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Sounds good! You are probably aware, but do check out these two for inspiration. (they also have their flaws, but also some advantages over JWT and other token schemes) |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
When it comes to service tokens, they may sometimes be transferred in a semi-secure medium. For example, we may push them to an EC2 node via the AWS instance metadata service, or via cloud init.
For such scenarios, it's quite useful if the holder of a token may refresh it (basically self-roll it) and then invalidate the old one.
Obviously the new token should share the same expiry and scope.
Beta Was this translation helpful? Give feedback.
All reactions