Hey,
Is there any way using the <Pactbroker CLI >...
# pactflowe
Eddie Stanley
11/20/2022, 8:53 PMHey,
Is there any way using the Pactbroker CLI to exchange the long-lived bearer token for a short-lived access token?
Eddie Stanley
11/20/2022, 8:53 PM@Yulia Tekin FYI
m
Matt (pactflow.io / pact-js / pact-go)
11/21/2022, 6:31 AM
We don’t support short lived tokens at this time. Is there a particular workflow you’re aiming for here?
Whilst it’s not what you’re asking, System Administrators can set API tokens to expire via the Preferences page.
e
Eddie Stanley
11/22/2022, 7:57 PMSorry for the delay in responding 🙇♂️
Is there a particular workflow you’re aiming for hereAdmittedly it's an "us" problem, however due to how our CI/CD pipeline works it's difficult to stop the token being exposed in the logs. If we could quickly exchange the long-lived token for a short-lived access token, that would (somewhat) mitigate the risk
m
Matt (pactflow.io / pact-js / pact-go)
11/22/2022, 11:04 PM
No worries!
Matt (pactflow.io / pact-js / pact-go)
11/22/2022, 11:06 PM
hmm one option I can think of:
1. Create a new role and system account for rotating API tokens
2. Create a small service (e.g. a lambda aPI) that can regenerate an API token via the API
3. Your CI/CD job can fetch a dynamic API token from this service, and use during the the job.
It’s a bit complicated, but that could do
thankyou 2 1
2 Views