Open timwsuqld opened 8 months ago
Also confirmed on v2.1.3 of netbirdio/dashboard
image
Hi @timwsuqld, this was an intentional change to have some kind of key rotation for security reasons. We can discuss if we allow users to have unlimited time keys again as it is the users own risk to decide if he wants that.
@pascal-fischer I'm not asking for unlimited time keys, just the ability to have keys longer than 1 year. We had been using 2 years as the sweetspot to allow rotation, without lots of additional work (rotating the keys requires recreating our deployment packages). Ultimately, we trust our key storage system, so 2 years is a good risk place for us. This is a regression, as we had already been given the ability to create them at 2 years, which has now been removed. I understand changing the UI to just be days, that actually makes it closer to the underlying API, a simple solution is to just allow up to ~750 days is instead of 365.
To be clear, we do try and rotate yearly, but this can't always happen, so having keys last 2 years gives us enough overlap when building our deployment packages.
Just tossing my 2 cents in here as well, being able to set long-lasting keys (including unlimited time) would be massively appreciated. IMO it should be up to the user/admin to work out a balance between risk and operational practicality.
I do appreciate the desire for security though, so perhaps a compromise could work? Some kind of warning and confirmation for long-lasting keys? A nagging indicator if the key is X days old?
Only commenting because I'm absolutely loving my evaluation of Netbird so far but the limited key lifetime is a major deal breaker for getting the rest of my org on board. Being able to set an unlimited time and then managing the rotating and revoking of keys manually would be ideal
We chose netbird for our VPN solution, because you guys listened and gave us longer setup keys, compared to the competition that only gave 30 days. Please listen to us again, and undo this regression. You listened in the first place when we asked (in slack), now please listen again.
Hello @timwsuqld we will discuss this case and get back to you soon. In the meantime, one workaround is to update the setup keys' expiration date directly in the database.
@mlsmaycon thanks for considering this. Yes, you can edit the database, however the user interface shows those keys as expired after 12 months, even if they are still valid. This is confusing as it's then not clear if the key works or not, and removes the option to revoke the key.
Yes it would be nice if there is a way to create long lasting setup keys. I have alot of people working remote and i would like to provide remote techincal support for them using netbird network. But having to go and chase around people with expired keys and update them each year can make it hard. Leave the choice to people if they would like to create permanent keys or time limited keys if possible.
Describe the problem
In https://github.com/netbirdio/dashboard/pull/90 (https://github.com/netbirdio/netbird/issues/221) we got the option for long expiry setup keys. Now in a recent update they have been limited to a maximum of 1 year.
To Reproduce
Steps to reproduce the behavior:
Expected behavior Expiry should be customisable beyond 1 year. This is needed for our use case of Intune deployments registering devices. We do rotate the keys, but even yearly this is extra work that isn't required.
Are you using NetBird Cloud?
Self hosted
NetBird version
netbirdio/management
image0.26.3
(6de08b4945bf
)wiretrustee/dashboard:main
image4612f6c49a97afa12396c8d7f6399bbcec858f77
(f7ec45d9a87b
)