Non-Expiring JWTs on Orka 3.0.2

The latest version of Orka 3 introduces service accounts with non-expiring tokens. Though there are maintenance benefits with these, there are also security implications if they are ever compromised.

How can a non-expiring token be revoked? Would you have to delete the associated service-account to invalidate it, then recreate it?

Also, the CLI Ref should be updated to reflect the new changes in Orka 3.0.2.

1 Like

Thanks for the feedback @Nush. The documentation should be updated to reflect the new --no-expiration option.

The main object the admin users manage is the serviceaccount. These accounts and associated tokens are meant to be long-lived to allow for simplified integration with your build systems. Deleting the serviceaccount object will also remove the associated tokens, and this is the recommended approach if you think the tokens have been compromised, no matter their duration/expiration.

-Jason

1 Like
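To find which stored tokens would need this delete-and-recreate treatment, the sketch below reads each JWT's payload and flags those with no `exp` claim. It is an added example, not part of the original posts or of Orka's tooling; it assumes the tokens are standard three-part JWTs carrying the RFC 7519 `sub` and `exp` claims, and the sample tokens and the `sa-ci`/`sa-nightly` names are constructed.

```python
import base64
import json
import time
from typing import Optional


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned sample token (placeholder signature)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.{_b64url(b'sig')}"


def classify_token(token: str, now: Optional[float] = None) -> dict:
    """Decode (without verifying) a JWT payload and report its expiry status."""
    now = time.time() if now is None else now
    result = {"status": "malformed", "subject": None, "seconds_left": None}
    parts = token.strip().split(".")
    if len(parts) != 3:
        return result
    try:
        seg = parts[1]
        claims = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return result
    if not isinstance(claims, dict):
        return result
    result["subject"] = claims.get("sub")
    exp = claims.get("exp")
    if exp is None:
        result["status"] = "non-expiring"  # no exp claim: valid until revoked
    elif isinstance(exp, bool) or not isinstance(exp, (int, float)):
        result["status"] = "malformed"
    else:
        result["seconds_left"] = int(exp - now)
        result["status"] = "expired" if exp <= now else "expiring"
    return result


def non_expiring_subjects(tokens, now=None):
    """Subjects whose tokens carry no exp claim and so need explicit revocation."""
    hits = [classify_token(t, now) for t in tokens]
    return sorted({str(h["subject"]) for h in hits if h["status"] == "non-expiring"})


if __name__ == "__main__":
    NOW = 1_700_000_000  # fixed clock for the constructed samples
    samples = [make_sample({"sub": "sa-ci", "iat": NOW - 60}),
               make_sample({"sub": "sa-nightly", "exp": NOW + 3600})]
    print(non_expiring_subjects(samples, NOW))
```

The payload is only decoded, never signature-checked, so this is an inventory aid for secrets you already hold, not a validity check.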

Thanks @jasondavis for confirming. That’s good to know.

1 Like