Hi All:
I did see a question here regarding Jenkins API Token expiry (API token expiry).
In Jenkins the following is mentioned:
Some good practices for keeping your API tokens secure are:
- Use a different token for each application so that if an application is compromised you can revoke its token individually.
- Regenerate the tokens every 6 months (depending on your context). We display an indicator concerning the age of the token.
- Protect it like your password, as it allows other people to access Jenkins as you.
The question:
The second bullet point says “Regenerate the tokens every 6 months (depending on your context).” I know it is mentioned in best practices that it is good to change every six months, but, will Jenkins expire this API Token every 6 months? and I don’t understand the statement “depending on your context” and that is confusing and so will the API token once created, will be never expiring?
This is required as never expiring because we are using a REST API and making calls to create folders via the API Token and if it expires, we will have to regenerate and do additional build and other activities with the new token every six months, which is not acceptable to the client.
Thanks & Regards,
David