MongoByte MongoDB Logo

Welcome to the new MongoDB Feedback Portal!

{Improvement: "Your idea"}
We’ve upgraded our system to better capture and act on your feedback.
Your feedback is meaningful and helps us build better products.

Add new feedback Subscribe
Status Started
Categories Atlas
Created by Guest
Created on May 11, 2021

RELATED FEEDBACK

API Key Expiration date

We have a security reqirement that secrets must expire after 2 years. Therefore it would be awesome if MongoDB Atlas API Keys would support an expiration date. Somethig similar exists for the IP Whitelisting. Here we have the option to remove IP Whitelist entries after er certain time period. But for API Keys it would be better to have an expiration date and keep the API Key in the list even if its expired. In addition it would be good to have a daily notification once the expiration date is ahead less than 30 day.
  • Attach files
  • Guest
    Nov 11, 2024
    Hello! We just added support for Service Accounts using OAuth2.0 as an authentication protocol for the Atlas Admin API. It's currently in Public Preview. With this new feature, client secrets associated with service accounts have a configurable expiration date (min of 8 hours, max of 365 days). Tokens created with client credentials have a default time-to-live of 1 hour. When this feature launches to General Availability, alerting will be in place for client secret expiration configurable for your organization. Please take a look at the documentation and as always thank you for the feedback! https://www.mongodb.com/docs/atlas/api/service-accounts-overview/#std-label-service-accounts-overview
    Reply
  • Guest
    Nov 11, 2024
    I am awaiting for this feature as well
    Reply
  • Guest
    Oct 2, 2024
    Being able to timebox access would be very helpful for our teams
    Reply
  • Guest
    Aug 16, 2023
    Very useful feature to have. Additionally, alerts on API keys that have not been used for a certain period would also be very useful.
    Reply
  • Guest
    Apr 25, 2023
    Very important feature to have as our enterprise security policy requires api keys have expiration period
    Reply
  • Guest
    Apr 25, 2023
    I agree this is very important one. I wish we can have this asap.
    Reply
  • Guest
    Apr 25, 2023
    Its very important to maintain the security of the bank.
    Reply
  • Guest
    Aug 14, 2021
    I agree with this one. An Alert with a setting to inform when api keys are aging (60, 90, 120 days). Currently we have no visibility into how old access keys are without going through the console.
    Reply