Allow forcing a limit on api keys #65658
Labels
>enhancement
:Security/Authentication
Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)
Team:Security
Meta label for security team
Currently, the expiration of api keys can be provided at creation time. If the expiration is not provided the api key will never expire:
Similiar to this password strength issue and the token setting
xpack.security.authc.token.timeout
I would like to have the option to specify the maximum lifetime of an api key:If the administrator sets
xpack.security.authc.api_key.expiration
to180d
and the user does not provide an expiration date when creating the api key the resulting api key will expire after 180 days.If the administrator sets
xpack.security.authc.api_key.expiration
to180d
and the user provides an expiration date of30d
when creating the api key the resulting api key will expire after 30 days.If the administrator sets
xpack.security.authc.api_key.expiration
to180d
and the user provides an expiration date of365d
when creating the api key the creation should fail with an error.The text was updated successfully, but these errors were encountered: