topic Re: Cluster management API Token in Dynatrace API

Cluster management API Token

handjojo_sebast — Tue, 07 Jan 2020 02:38:16 GMT

just input for dynatrace.

during the creation of a new API token for cluster management, there are 2 access you can grant into the new token

1) Cluster token management

2) Service Provider API

if I choose both, it asks not to put all access into 1 token, for security reasons ok fine split into 2 tokens. Then Save.

Until I realize that another admin has the same token that I just generated.

what kind of security is this?

if 1 of the admin got hacked, we are doomed

Dynatrace Cluster version 1.178.128,20191030-143701

Re: Cluster management API Token

Radoslaw_Szulgo — Tue, 07 Jan 2020 14:56:38 GMT

Hi Sebastian,

thanks for sharing your feedback. Indeed if a token gets leaked, you are doomed - that's why you should keep your tokens safe e.g. never store it as a plaintext in your configuration repository or scripts.

As the warning suggests - you should keep the scope of the token as low as possible to minimize the impact of token leakage.

Moreover, I encourage to implement a token rotation by using Cluster API (/tokens).

As you are all cluster administrators - you all should share same principles of security.

What else I can help you with?