You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With [NPM] granular access tokens it is possible to create tokens that expire after a while. In many scenarios this means a new token must be generated after that and in all likelihood this new token should have the exact same configuration as the original token. Currently this requires creating a new token from scratch and configuring it in the same way as the previous token.
If it were possible to regenerate an existing token (using the existing configuration) this would make token rotation a lot easier.
This request is related to npm/feedback#849 in that it can help alleviate the operational overhead of expiring tokens a bit (though I do not mean to suggest it's substitute for that request).
But most of us with experience know that access token without an expiry are bad security.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Reviving a previously posted request:
npm/feedback#1088
The original poster also suggested that:
But most of us with experience know that access token without an expiry are bad security.
Beta Was this translation helpful? Give feedback.
All reactions