Token rotation for Workers


Is it possible to rotate the Worker token automatically.
Every 90days for example?


Hi Thomas,

The rotation of worker tokens is not something that we support specifically at the moment. You could do this manually by just retiring the old workers periodically and creating new ones. You can do this as admin in your environment (see Workers | VIKTOR Documentation) then youโ€™d need to switch those new credentials out in the workers installed on your external machine/server.

This however seems like a very interesting topic to me. Can I ask what your use-case is? Why would you like to rotate this? Do they form a security risk? And how come they do?

Moreover Iโ€™d be interested in what you would like this process to look like. After all, the worker itself is on an external machine which can not be edited from the platform, so a certain amount of manual work would always be required. But would for instance a periodic notification system of sorts with new sets of credentials be an outcome?

Really curious about your ideas!!

This is simply due to internal security best practice. We understand this can be done manually but we do like to automate the boring :slight_smile:

Some authentication protocol such as OAuth 2.0 implement this. It seems to be implement by using long-live token that is use to shorter live token use for request.

Iโ€™ll you dig more into this if youโ€™re interested: RFC 6749: The OAuth 2.0 Authorization Framework

1 Like