Red Hat OpenShift Control Planes / CNTRLPLANE-1742

Enforce TTL for service account tokens


    • Type: Story
    • Resolution: Obsolete
    • Priority: Normal

      As part of bound-service-account-signing-key rotation, enforce a limited TTL for service account tokens (24 hours, to be determined) to ensure that service account tokens are signed with the new private key.

      The goal is to allow a graceful rotation of bound-service-account-signing-key, so that tokens signed with the old key can still be validated until they expire based on the TTL.

      After the TTL, the old public key will be removed.

      Reference: https://redhat-external.slack.com/archives/C075PHEFZKQ/p1764593594629019?thread_ts=1762880828.612129&cid=C075PHEFZKQ
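
      An added example, not part of the original ticket or of any OpenShift code: given an inventory of issued tokens, it reports which ones exceed the TTL and whether the old public key can be removed at rotation time plus TTL without invalidating live tokens. The key IDs, timestamps and helper names are constructed for illustration, and claims are read without signature verification.

```python
import base64
import json

MAX_TTL = 24 * 3600         # 24 hours, the TTL proposed in the ticket (to be determined)
ROTATED_AT = 1_700_000_000  # constructed rotation timestamp (Unix seconds)

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_token(kid, iat, exp):
    # Constructed sample JWT; the signature segment is a placeholder.
    return ".".join([_b64url({"alg": "RS256", "kid": kid}),
                     _b64url({"iat": iat, "exp": exp}), "sig"])

def _decode(segment):
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def inspect(token):
    # Reads header and claims WITHOUT verifying the signature: inventory use only.
    header, payload, _sig = token.split(".")
    h, p = _decode(header), _decode(payload)
    return h["kid"], p["iat"], p["exp"]

def rotation_report(tokens, old_kid, rotated_at, max_ttl=MAX_TTL):
    planned_removal = rotated_at + max_ttl  # when the old public key is dropped
    safe_removal = rotated_at               # latest expiry of any old-key token
    over_ttl, stranded = [], []
    for tok in tokens:
        kid, iat, exp = inspect(tok)
        if exp - iat > max_ttl:             # lifetime longer than the enforced TTL
            over_ttl.append((kid, exp - iat))
        if kid == old_kid:
            safe_removal = max(safe_removal, exp)
            if exp > planned_removal:       # would fail validation while still unexpired
                stranded.append((kid, exp))
    return {"planned_removal": planned_removal, "safe_removal": safe_removal,
            "over_ttl": over_ttl, "stranded": stranded}

SAMPLE = [  # constructed inventory
    make_token("old-key", ROTATED_AT - 3600, ROTATED_AT - 3600 + MAX_TTL),
    make_token("old-key", ROTATED_AT - 60, ROTATED_AT - 60 + 365 * 86400),
    make_token("new-key", ROTATED_AT + 10, ROTATED_AT + 10 + 3600),
]

if __name__ == "__main__":
    print(rotation_report(SAMPLE, "old-key", ROTATED_AT))
```

      In the sample, the one-year token signed with the old key is the only one that blocks removal at the planned time, which is the case the enforced TTL is meant to rule out.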

              Assignee: Unassigned
              Reporter: Ori Haim Adler (oadler@redhat.com)