openshift secret token expiry

Question

We would like to create service user to manage ci/cd workflow for the different teams. Secret tokens can be generated for the service account to perform API operations.

oc create sa sample
oc policy add-role-to-user developer system:serviceaccount:sampleproject:sample
oc describe sa sample
oc describe sa secret sample-token-5s5kl

Above describe command gives us the secret token which we hand over to different teams for their API operations. But the problem we are facing currently is, secret token expires in 4 hrs or so. Is there a way to create never expiring secret tokens ?

Also asked here on OpenShift Google Group. groups.google.com/forum/#!topic/openshift/mpShbj3mxc8 — Graham Dumpleton
Have you tried using oc sa get-token <serviceaccount>? Because, as Graham mentioned in the Google Group, ServiceAccount tokens are not supposed to expire, that's why they're so long! — Will Gordon

CR7 CR7 · Accepted Answer · 2018-11-02T16:28:33

If I am not wrong, they don't expire. Also, I quote from Openshift documentation "The generated API token and registry credentials do not expire, but they can be revoked by deleting the secret. When the secret is deleted, a new one is automatically generated to take its place."Please refer to this page for more info

openshift secret token expiry

1 Answers