netbirdio / netbird

Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Setup Key Expiration regression #1752

Open timwsuqld opened 3 months ago

timwsuqld commented 3 months ago

Describe the problem

In https://github.com/netbirdio/dashboard/pull/90 (https://github.com/netbirdio/netbird/issues/221) we got the option for long expiry setup keys. Now in a recent update they have been limited to a maximum of 1 year.

To Reproduce

Steps to reproduce the behavior:

  1. Go to "Setup Keys"
  2. Add a key
  3. Expiry is limited to 365 days

Expected behavior

Expiry should be customisable beyond 1 year. This is needed for our use case of Intune deployments registering devices. We do rotate the keys, but even yearly this is extra work that isn't required.

Are you using NetBird Cloud?

Self hosted

NetBird version

netbirdio/management image 0.26.3 (6de08b4945bf)
wiretrustee/dashboard:main image 4612f6c49a97afa12396c8d7f6399bbcec858f77 (f7ec45d9a87b)

timwsuqld commented 3 months ago

Also confirmed on v2.1.3 of netbirdio/dashboard image

pascal-fischer commented 3 months ago

Hi @timwsuqld, this was an intentional change to have some kind of key rotation for security reasons. We can discuss if we allow users to have unlimited time keys again, as it is the user's own risk to decide if he wants that.

timwsuqld commented 3 months ago

@pascal-fischer I'm not asking for unlimited time keys, just the ability to have keys longer than 1 year. We had been using 2 years as the sweet spot to allow rotation, without lots of additional work (rotating the keys requires recreating our deployment packages). Ultimately, we trust our key storage system, so 2 years is a good risk place for us. This is a regression, as we had already been given the ability to create them at 2 years, which has now been removed. I understand changing the UI to just be days; that actually makes it closer to the underlying API. A simple solution is to just allow up to ~750 days instead of 365.

To be clear, we do try and rotate yearly, but this can't always happen, so having keys last 2 years gives us enough overlap when building our deployment packages.

kramerology commented 2 months ago

Just tossing my 2 cents in here as well, being able to set long-lasting keys (including unlimited time) would be massively appreciated. IMO it should be up to the user/admin to work out a balance between risk and operational practicality.

I do appreciate the desire for security though, so perhaps a compromise could work? Some kind of warning and confirmation for long-lasting keys? A nagging indicator if the key is X days old?

Only commenting because I'm absolutely loving my evaluation of NetBird so far, but the limited key lifetime is a major deal breaker for getting the rest of my org on board. Being able to set an unlimited time and then managing the rotating and revoking of keys manually would be ideal.

timwsuqld commented 3 days ago

We chose NetBird for our VPN solution because you guys listened and gave us longer setup keys, compared to the competition that only gave 30 days. Please listen to us again, and undo this regression. You listened in the first place when we asked (in Slack), now please listen again.

mlsmaycon commented 3 days ago

Hello @timwsuqld we will discuss this case and get back to you soon. In the meantime, one workaround is to update the setup keys' expiration date directly in the database.

timwsuqld commented 2 days ago

@mlsmaycon thanks for considering this. Yes, you can edit the database, however the user interface shows those keys as expired after 12 months, even if they are still valid. This is confusing as it's then not clear if the key works or not, and removes the option to revoke the key.