clojars / clojars-web

A community repository for open-source Clojure libraries
https://clojars.org
Eclipse Public License 1.0

Better support for one-off deploy tokens #811

Closed: vemv closed 2 years ago

vemv commented 3 years ago

Context

I like to use the deploy tokens as one-off (single-use) ones: that way I get to never store them, which has some associated risks.

Problem statement

There isn't explicit support for one-off tokens so one has to manually disable them after use. They also accrue quite awkwardly over the web UI:

image

Proposed solution

Offer one-off tokens that can be used once at most (and that maybe are valid only up to 60m from now).

They would not accrue over the web UI.

WDYT?

Thanks - V

tobias commented 3 years ago

I think this is a really good idea! The idea of "one use" is a bit tricky, since a single deploy is many requests, but all requests should be in the same HTTP session, so we could attach a session identifier to the token on the first request, then only allow future requests within that same session.

I think implementing this would be straightforward. Are you interested in implementing this? If so, I'm happy to help. I can also do this myself, but wanted to give you the opportunity if you were interested.

vemv commented 3 years ago

Thanks for the response!

Maybe in a different season I'd be happy to give a PR a shot - these days I have quite a lot on my plate (OSS and otherwise).

tobias commented 2 years ago

I've added support for single-use tokens, and you can now set an expiry on tokens:

image

You can now also filter the list of tokens on the token management page:

image

vemv commented 2 years ago

Amazing, thank you for the effort!

Will sure start using these exclusively.
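
The session-binding idea discussed in this thread (bind the token to the session of its first request, reject it from any other session, and expire it after a fixed window), sketched as an added example that is not part of the thread and is not Clojars' own code. The in-memory store, the function names, and the assumption that the server already has a per-session identifier for each request are all hypothetical.

```clojure
(ns example.single-use-token
  (:import (java.time Duration Instant)))

;; Hypothetical in-memory store keyed by token id. A real service would keep
;; this in its database and store only a hash of the token value.
(defonce tokens (atom {}))

(defn issue!
  "Registers a single-use token that expires ttl-minutes after now."
  [token-id ^Instant now ttl-minutes]
  (swap! tokens assoc token-id
         {:expires-at (.plus now (Duration/ofMinutes ttl-minutes))
          :session-id nil})
  token-id)

(defn- bind-or-keep
  "Pure transition: binds an unbound, unexpired token to session-id."
  [store token-id session-id ^Instant now]
  (let [{:keys [expires-at] bound :session-id} (get store token-id)]
    (if (and expires-at (nil? bound) (.isBefore now expires-at))
      (assoc-in store [token-id :session-id] session-id)
      store)))

(defn authorize!
  "Returns :ok when the request may use the token, else a rejection keyword.
  The first request binds the token to its session. swap! makes that bind
  atomic, so two sessions racing on first use cannot both succeed."
  [token-id session-id ^Instant now]
  (let [store (swap! tokens bind-or-keep token-id session-id now)
        {:keys [expires-at] bound :session-id} (get store token-id)]
    (cond
      (nil? session-id)                :no-session
      (nil? expires-at)                :unknown-token
      (not (.isBefore now expires-at)) :expired
      (= bound session-id)             :ok
      :else                            :bound-to-other-session)))

(defn demo
  "Constructed sample: one deploy makes several requests in session s1."
  []
  (let [t0 (Instant/parse "2024-01-01T00:00:00Z")]
    (issue! "tok-1" t0 60)
    [(authorize! "tok-1" "s1" t0)                       ; first request of the deploy
     (authorize! "tok-1" "s1" (.plusSeconds t0 30))     ; later request, same session
     (authorize! "tok-1" "s2" (.plusSeconds t0 60))     ; token replayed from another session
     (authorize! "tok-1" "s1" (.plusSeconds t0 3600))])) ; request at the 60-minute mark
```

Because the bind happens inside a single atomic update, a stolen token is only usable if the thief's request arrives before the owner's first request and within the expiry window.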