Token management request

With the fun and games many people using CircleCI are now having to deal with, it is clear that your current Service Token solution could be enhanced in such a way as to add a lot of value as and when such an issue was to happen again with a system that holds a Token value.

At the moment tokens are just a single unique value, which, as another post here has noted, is something of a pain to rediscover if you need to change them en masse. Also, I have in the past raised the issue that the CLI tool does not display enough of a token for you to be sure what config a token relates to, which again does not help.

What I would like you to consider (long term) is a 2-part token. This would be made from your current token, plus a project or system-wide value. As and when we get notified by a third party that their security may have failed, all we then need to do is change the project/system value rather than all the individual config level tokens.

Hi @rit001,

Thanks for your feedback on this! I’ve passed your thoughts regarding a key + token system on to our product team.

With regard to the token value not being enough to identify what a token is for, I think that will be addressed by our plans to both add a token preview column to the token tabs where it’s missing in the dashboard (which will allow you to match tokens based on the last few characters of the token) and our plans to add a new endpoint that will provide you with metadata about a specific token (which would even allow you to revoke it directly from the terminal).

Thanks again and feel free to let me know if you have any other thoughts!

Regards,
-Joel