
Cluster management API Token

handjojo_sebast
Newcomer

Just input for Dynatrace.

During the creation of a new API token for cluster management, there are 2 kinds of access you can grant to the new token:

1) Cluster token management

2) Service Provider API

If I choose both, it asks not to put all access into 1 token, for security reasons. OK, fine, split into 2 tokens. Then Save.

Until I realized that another admin has the same token that I just generated.

What kind of security is this?

If 1 of the admins got hacked, we are doomed.


Dynatrace Cluster version 1.178.128,20191030-143701



1 REPLY

Radoslaw_Szulgo
Inactive

Hi Sebastian,

Thanks for sharing your feedback. Indeed, if a token gets leaked, you are doomed - that's why you should keep your tokens safe, e.g. never store them as plaintext in your configuration repository or scripts.

As the warning suggests - you should keep the scope of the token as low as possible to minimize the impact of token leakage.

Moreover, I encourage you to implement token rotation by using the Cluster API (/tokens).

As you are all cluster administrators - you should all share the same principles of security.


What else can I help you with?


Senior Product Manager,
Dynatrace Managed expert
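
An added example, not part of the original posts and not Dynatrace code: a small pre-commit style check for the advice above about never storing tokens as plaintext in a configuration repository or scripts. It relies on the `Authorization: Api-Token` request header; the config key pattern, file names, variable names, `CLUSTER_API` and the token values are assumptions constructed for illustration.

```python
import re

# Dynatrace API requests authenticate with "Authorization: Api-Token <value>".
HEADER_RE = re.compile(r"Api-Token\s+(?P<value>[^\s\"'\\]+)", re.IGNORECASE)
# Assumption: config keys that hold a token contain "api_token"/"api-token"/"apitoken".
ASSIGN_RE = re.compile(
    r"\b[\w.-]*api[_-]?token[\w.-]*\s*[:=]\s*[\"']?(?P<value>[^\s\"']+)",
    re.IGNORECASE,
)
# Values resolved at run time (env var, command substitution, template, placeholder).
REFERENCE_PREFIXES = ("$", "{{", "<", "%")


def redact(value):
    """Never echo the full secret into CI logs."""
    return f"{value[:4]}...({len(value)} chars)"


def find_plaintext_tokens(text, path):
    """Return (path, line_no, kind, redacted_value) for each hard-coded token."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, regex in (("header", HEADER_RE), ("assignment", ASSIGN_RE)):
            match = regex.search(line)
            if match and not match.group("value").startswith(REFERENCE_PREFIXES):
                findings.append((path, line_no, kind, redact(match.group("value"))))
                break
    return findings


# Constructed sample files; token values, variable names and CLUSTER_API are placeholders.
SAMPLE_SCRIPT = '''\
#!/bin/sh
# rotation helper
curl -H "Authorization: Api-Token CONSTRUCTEDtoken00000" "$CLUSTER_API/tokens"
curl -H "Authorization: Api-Token $DT_CLUSTER_TOKEN" "$CLUSTER_API/tokens"
'''
SAMPLE_CONFIG = '''\
# cluster settings
cluster.api_token = CONSTRUCTEDtoken11111
cluster.api_token = ${DT_CLUSTER_TOKEN}
'''

if __name__ == "__main__":
    for name, body in (("rotate.sh", SAMPLE_SCRIPT), ("cluster.properties", SAMPLE_CONFIG)):
        for finding in find_plaintext_tokens(body, name):
            print("plaintext token:", finding)
```

Only the lines with a literal value are reported; the lines that read the token from an environment variable pass, which is the pattern that also makes rotation a matter of updating one secret store entry.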
