Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-11119

Personal Access Token expiration policies

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Closed (View Workflow)
    • Resolution: Fixed
    • Fix Version/s: 7.3.0
    • Component/s: None
    • Labels:
      None
    • UIS:
      12
    • Feedback Policy:
      We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      Our security team has asked us to implement MFA on bitbucket, which we have done on the from end via a SAML/SSO plugin, however, the actual git methods to access the repos still is only single factor via SSH keys and Personal Access tokens.  I understand that this is generally a limitation on git functionality and so does my IT folks.

      However, the issue with the SSH leys and PATs is that they are unlimited duration and should they be compromised, there is nothing that at least expires their value after some point of time.  It ould be nice to be able to have a feature that would allow some type of PAT expiration policy(s) be assigned on the system that would force the renewal by users of these tokens.  Probably based on a configured number of days for example.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              c840f115d1f9 Daniel Holmes
              Votes:
              15 Vote for this issue
              Watchers:
              11 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: