Set Automatic Token Cleanup for Token Credentials
Use the com.snc.platform.security.token.auth.cleanup property to ensure that expired API keys and HMAC secrets are deleted, thereby limiting the potential for token reuse.
If the com.snc.platform.security.token.auth.cleanup system property is set to the insecure value of false, expired API keys and HMAC secrets are not deleted, which creates a potential for token reuse. If a token was expired because of leakage or compromise, reuse exposes the instance to anyone who possesses the leaked token. Expired tokens are kept for the number of days defined by the com.snc.platform.security.token.auth.days.expired.hmac_secret.is.kept and com.snc.platform.security.token.auth.days.expired.api_key.is.kept system properties. Any integer value of 0 or greater is valid. A value of 0 causes expired tokens to be deleted on the same day. The default of 7 days, or fewer, is recommended.
Ensure the property com.snc.platform.security.token.auth.cleanup does not exist in the System Properties [sys_properties] table or is set to true. Ensure that the properties com.snc.platform.security.token.auth.days.expired.api_key.is.kept and com.snc.platform.security.token.auth.days.expired.hmac_secret.is.kept do not exist in the System Properties [sys_properties] table or are set to 7 or less.
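One way to check an exported copy of the System Properties [sys_properties] table against the rules above, as an added example that is not ServiceNow's own code. The function name `auditTokenCleanup` and the `{name, value}` row shape are assumptions, and the sample rows are constructed.

```javascript
// Added example: audits exported sys_properties rows against the guidance above.
// auditTokenCleanup and the {name, value} row shape are assumptions for illustration.
const PREFIX = 'com.snc.platform.security.token.auth.';
const CLEANUP = PREFIX + 'cleanup';
const RETENTION = [
  PREFIX + 'days.expired.api_key.is.kept',
  PREFIX + 'days.expired.hmac_secret.is.kept',
];
const MAX_DAYS = 7;

function auditTokenCleanup(rows) {
  const props = new Map(rows.map((r) => [r.name, String(r.value).trim()]));
  const findings = [];

  // Cleanup switch: an absent property is compliant; if present it must be "true".
  if (props.has(CLEANUP) && props.get(CLEANUP).toLowerCase() !== 'true') {
    findings.push({ name: CLEANUP, value: props.get(CLEANUP), issue: 'cleanup is not set to true' });
  }

  // Retention windows: absent is compliant; if present, an integer from 0 to 7.
  for (const name of RETENTION) {
    if (!props.has(name)) continue;
    const value = props.get(name);
    if (!/^\d+$/.test(value)) {
      findings.push({ name, value, issue: 'not an integer of 0 or greater' });
    } else if (Number(value) > MAX_DAYS) {
      findings.push({ name, value, issue: 'expired tokens kept longer than 7 days' });
    }
  }
  return findings;
}

// Constructed sample rows, not taken from a real instance.
const sampleRows = [
  { name: CLEANUP, value: 'false' },
  { name: RETENTION[0], value: '30' },
  { name: RETENTION[1], value: '0' },
  { name: 'x_example.unrelated.property', value: '30' },
];

for (const f of auditTokenCleanup(sampleRows)) {
  console.log(`${f.name} = ${f.value}: ${f.issue}`);
}
```

An empty result means all three properties are either absent or within the recommended values.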
More information
| Attribute | Description |
|---|---|
| Configuration name | |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Integer |
| Recommended value | |
| Default value | <none> |
| Fallback value | |
| Category | Architecture, design, and threat modeling |
| Security risk | |
| Dependencies and prerequisites | None |