Control: 1.10 Ensure user auth tokens rotate within 90 days or less
Description
Auth tokens are authentication tokens generated by Oracle. You use auth tokens to authenticate with APIs that do not support the Oracle Cloud Infrastructure signature-based authentication. If the service requires an auth token, the service-specific documentation instructs you to generate one and how to use it.
Remediation
OCI Native IAM
From Console
- Login to OCI Console.
- Select
Identity
from the Services menu. - Select
Users
from the Identity menu. - Click on an individual user under the Name heading.
- Click on
Auth Tokens
in the lower left-hand corner of the page. - Delete any auth token with a date of
90 days or older
under theCreated
column of the Auth Tokens.
From Command Line
- Execute the following:
oci iam auth-token delete --user-id <user_OCID> --auth-token-id <id from above>
- You will then be prompted with the below:
Are you sure you want to delete this resource? [y/N]
- Type 'y' and press 'Enter'.
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v110_1_10
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run oci_compliance.control.cis_v110_1_10 --share
SQL
This control uses a named query:
identity_auth_token_age_90