Diffstat (limited to 'doc/security/token_overview.md')
-rw-r--r-- doc/security/token_overview.md | 5
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/security/token_overview.md b/doc/security/token_overview.md index 2a971b21840..333548fa1c9 100644 --- a/doc/security/token_overview.md +++ b/doc/security/token_overview.md @@ -117,4 +117,9 @@ Instead, API calls can be passed an access token using headers, like [the `Priva Tokens can also be stored using a [Git credential storage](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage). +Tokens should not be committed to your source code. Instead, consider an approach such as [using external secrets in CI](../ci/secrets/index.md). + When creating a scoped token, consider using the most limited scope possible to reduce the impact of accidentally leaking the token. + +When creating a token, consider setting a token that expires when your task is complete. For example, if performing a one-off import, set the +token to expire after a few hours or a day. This reduces the impact of a token that is accidentally leaked because it is useless when it expires. |
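Review bot: The new expiry paragraph tells readers a leaked token "is useless when it expires", but a short-lived token still protects nothing between the leak and the expiry date; the paragraph should also say that a token known or suspected to have leaked must be revoked immediately rather than left to expire. While there, "consider setting a token that expires when your task is complete" reads awkwardly; suggest "consider setting an expiry date so that the token expires when your task is complete". Finally, the new paragraph is hard-wrapped mid-sentence ("set the" / "token to expire after a few hours or a day"), whereas the surrounding lines in this file keep each paragraph on a single line; keep the new paragraph on one line so the rendered text and future diffs stay consistent with the rest of the document.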