Make ALLOW_TOKEN_RETRIEVAL = False the default #18751

Closed
@hikhvar

Description

NetBox version

v4.2.3

Feature type

Change to existing functionality

Proposed functionality

Currently, a newly set up NetBox will have ALLOW_TOKEN_RETRIEVAL = True set. This is a bad and insecure default, as API tokens of users should not be visible to administrators.

Use case

Be more secure by default.

If somebody gets administrator permissions by accident (people make errors), they immediately have access to all tokens with the current default. That should not be the case.

Database changes

No response

External dependencies

No response
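
A static check for the setting discussed in this issue, as an added example that is not part of the original issue or of NetBox's code: it reads a configuration.py as text and reports whether ALLOW_TOKEN_RETRIEVAL is explicitly False, left to the default, or not decidable without running the file. The function name, the sample configurations (constructed) and the fallback default of True (taken from the issue's description of v4.2.3) are assumptions.

```python
import ast

SETTING = "ALLOW_TOKEN_RETRIEVAL"
REPORTED_DEFAULT = True  # assumption: default the issue reports for v4.2.3


def audit_token_retrieval(config_source, default=REPORTED_DEFAULT):
    """Classify a configuration.py (as text): 'ok', 'exposed' or 'unknown'."""
    tree = ast.parse(config_source)  # parse only, the file is never executed
    top_level = set(map(id, tree.body))
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets = [node.target]
        else:
            continue
        if any(isinstance(t, ast.Name) and t.id == SETTING for t in targets):
            hits.append(node)
    if not hits:
        status = "exposed" if default else "ok"
        return status, f"{SETTING} not set; falls back to default {default}"
    hits.sort(key=lambda n: n.lineno)
    last = hits[-1]  # the last assignment wins when the file is executed
    # Assignments nested in if/try blocks cannot be judged statically.
    if any(id(n) not in top_level for n in hits):
        return "unknown", f"line {last.lineno}: conditional assignment, review manually"
    value = last.value
    if not (isinstance(value, ast.Constant) and isinstance(value.value, bool)):
        return "unknown", f"line {last.lineno}: value is not a literal True/False"
    if value.value:
        return "exposed", f"line {last.lineno}: explicitly True"
    return "ok", f"line {last.lineno}: explicitly False"


# Constructed sample configurations, not taken from any real deployment.
SAMPLES = {
    "unset": "ALLOWED_HOSTS = ['netbox.example.com']\n",
    "hardened": "ALLOWED_HOSTS = ['netbox.example.com']\nALLOW_TOKEN_RETRIEVAL = False\n",
    "from_env": "import os\nALLOW_TOKEN_RETRIEVAL = os.environ.get('TOKEN_RETRIEVAL') == '1'\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_token_retrieval(text))
```

An 'unknown' result means the value is computed or set conditionally and has to be checked on the running instance.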

Metadata

Labels

breaking change: This change modifies or removes some previously documented functionality
complexity: low (Requires minimal effort to implement)
status: accepted (This issue has been accepted for implementation)
type: feature (Introduction of new functionality to the application)
