Set Automatic Token Cleanup for Token Credentials [New in Security Center 2.0]
Use the com.snc.platform.security.token.auth.cleanup property to ensure that expired API keys and HMAC secrets are deleted, thereby limiting the potential for token reuse.
If the com.snc.platform.security.token.auth.cleanup property is set to the insecure value of false, expired API keys and HMAC secrets will not be deleted, creating a potential for token reuse. If a token was expired due to leakage or compromise, its reuse could expose the instance to anyone possessing the leaked token.
Expired tokens are retained for the number of days defined by com.snc.platform.security.token.auth.days.expired.hmac_secret.is.kept and com.snc.platform.security.token.auth.days.expired.api_key.is.kept. Valid values for these settings are integers of 0 or greater. A value of 0 results in the expired tokens being deleted on the same day, while a higher number of days increases the exposure period. A value of 7 days or fewer is recommended.
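The checks described above can be expressed as a small audit function. This is an added example, not ServiceNow code: it assumes the three property values have already been exported from System Properties into a plain object of strings, and it reports an absent property as a finding rather than assuming a default. The function name and sample values are hypothetical.

```javascript
// Added example: audit exported sys_properties values against this page's guidance.
const CLEANUP = 'com.snc.platform.security.token.auth.cleanup';
const RETENTION = [
  'com.snc.platform.security.token.auth.days.expired.hmac_secret.is.kept',
  'com.snc.platform.security.token.auth.days.expired.api_key.is.kept',
];
const MAX_DAYS = 7; // recommended upper bound stated on this page

// props: plain object mapping property name -> string value (assumed export format).
function auditTokenCleanup(props) {
  const findings = [];
  const cleanup = props[CLEANUP];
  if (cleanup === undefined) {
    findings.push({ name: CLEANUP, issue: 'not set' });
  } else if (String(cleanup).trim().toLowerCase() !== 'true') {
    findings.push({ name: CLEANUP, issue: 'expired tokens are not deleted', value: cleanup });
  }
  for (const name of RETENTION) {
    const raw = props[name];
    if (raw === undefined) {
      findings.push({ name, issue: 'not set' });
      continue;
    }
    const text = String(raw).trim();
    // Valid values are integers of 0 or greater; reject "7.5", "-1", "" and "7d".
    if (!/^\d+$/.test(text)) {
      findings.push({ name, issue: 'not a non-negative integer', value: raw });
    } else if (Number(text) > MAX_DAYS) {
      findings.push({ name, issue: `retention exceeds ${MAX_DAYS} days`, value: raw });
    }
  }
  return findings;
}

// Constructed sample values, not taken from a real instance.
const weak = { [CLEANUP]: 'false', [RETENTION[0]]: '30', [RETENTION[1]]: '-1' };
const hardened = { [CLEANUP]: 'true', [RETENTION[0]]: '0', [RETENTION[1]]: '7' };
console.log(auditTokenCleanup(weak));
console.log(auditTokenCleanup(hardened));
```

An empty result means all three properties match the recommended values.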
More information
| Attribute | Description |
|---|---|
| Configuration name | com.snc.platform.security.token.auth.cleanup, com.snc.platform.security.token.auth.days.expired.hmac_secret.is.kept, com.snc.platform.security.token.auth.days.expired.api_key.is.kept |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | integer |
| Recommended value | true for the cleanup property, and any integer less than or equal to 7 for the retention properties. |
| Default value | 7 |
| Category | Architecture, design, and threat modeling |
| Security risk | |
| Dependencies and prerequisites | None |