Sensu-go: API Keys

Created on 13 Dec 2018  路  3Comments  路  Source: sensu/sensu-go

Users that want to interact with the API currently need to manipulate short-lived JWTs, which doesn't provide a good UX.

  • [ ] API keys should not expire
  • [ ] API keys can be revoked

    • We should ensure they are present in the access list

  • [ ] An API key can be generated by specifying a username and an optional list of groups

    • Unanswered question: If you specify an existing user, do we use the user groups? If so, what happen when its groups are modified?

  • [ ] A new cluster-wide API resource probably need be created for managing API keys

Parent: https://github.com/sensu/sensu-go/issues/2534

enhancement feature

Most helpful comment

In some contexts it may be useful for API keys to _optionally_ expire. Here I am thinking of users with security policies which may require expiration of credentials.

All 3 comments

In some contexts it may be useful for API keys to _optionally_ expire. Here I am thinking of users with security policies which may require expiration of credentials.

API keys should certainly have the option of expiring. Support for expiring API keys is not much work, but the benefits are huge.

@portertech I think we can close this one! Released in 5.15!

https://docs.sensu.io/sensu-go/latest/release-notes/#5-15-0-release-notes

Was this page helpful?
0 / 5 - 0 ratings