Closed vemv closed 2 years ago
I think this is a really good idea! The idea of "one use" is a bit tricky, since a single deploy is many requests, but all requests should be in the same HTTP session, so we could attach a session identifier to the token on the first request, then only allow future requests within that same session.
I think implementing this would be straightforward. Are you interested in implementing this? If so, I'm happy to help. I can also do this myself, but wanted to give you the opportunity if you were interested.
Thanks for the response!
Maybe in a different season I'd be happy to give a PR shot - these days I have quite a lot on my plate (OSS and otherwise)
I've added support for single-use tokens, and you can now set an expiry on tokens:
You can now also filter the list of tokens on the token management page:
Amazing, thank you for the effort!
Will sure start using these exclusively.
Context
I like to use the deploy tokens as one-off (single-use) ones: that way I get to never store them, which has some associated risks.
Problem statement
There isn't explicit support for one-off tokens so one has to manually disable them after use. They also accrue quite awkwardly over the web UI:
Proposed solution
Offer one-off tokens that can be used once at most (and that maybe are valid only up to 60m from now).
They would not accrue over the web UI.
WDYT?
Thanks - V