diff --git a/content/rancher/v2.6/en/api/api-tokens/_index.md b/content/rancher/v2.6/en/api/api-tokens/_index.md index a411b0bf8c6..c707579a08b 100644 --- a/content/rancher/v2.6/en/api/api-tokens/_index.md +++ b/content/rancher/v2.6/en/api/api-tokens/_index.md @@ -45,5 +45,15 @@ Admins can set a global TTL on Kubeconfig tokens. Once the token expires the kub 4. Edit the setting and set the value to desired duration in minutes. _**Note:**_ This value cannot exceed max-ttl of API tokens.(`https://}}/rancher/v2.6/en/installation/resources/feature-flags). + +This feature will affect all tokens which include, but are not limited to, the following: + +- Kubeconfig tokens +- Bearer tokens API keys/calls +- Tokens used by internal operations + diff --git a/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md b/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md index 1ff526df0f1..20a6541ec85 100644 --- a/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md +++ b/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md @@ -28,6 +28,7 @@ For example, if you install Rancher, then set a feature flag to true with the Ra The following is a list of the feature flags available in Rancher: +- `token-hashing`: This feature enables one-way [hashing of tokens]({{}}/rancher/v2.6/en/api/api-tokens) and cannot be disabled once enabled. - `fleet`: Rancher comes with [Fleet]({{}}/rancher/v2.6/en/deploy-across-clusters/fleet) preinstalled in v2.5+. Rancher v2.6's new provisioning system leverages Fleet's bundle deployment capabilities in order to manage clusters at scale. Therefore, in Rancher v2.6, Fleet can no longer be disabled. If Fleet was disabled in Rancher v2.5.x, it will become enabled if Rancher is upgraded to v2.6.x. - `continuous-delivery`: In Rancher v2.5.x, Fleet came with a GitOps feature that could not be disabled separately from Fleet. In Rancher v2.6, the `continuous-delivery` feature flag was introduced to allow the GitOps feature of Fleet to be disabled. For more information, see [this page.](./continuous-delivery) - `istio-virtual-service-ui`: This feature enables a [UI to create, read, update, and delete Istio virtual services and destination rules]({{}}/rancher/v2.6/en/installation/options/feature-flags/istio-virtual-service-ui), which are traffic management features of Istio. @@ -47,6 +48,7 @@ The below table shows the availability and default value for feature flags in Ra | `fleet` | `true` | GA* | v2.5.0 | | | `fleet` | `true` | Can no longer be disabled | v2.6.0 | N/A | | `continuous-delivery` | `true` | GA* | v2.6.0 | | +| `token-hashing` | `false` | GA* | v2.6.0 | | \* Generally Available. This feature is included in Rancher and it is not experimental. diff --git a/content/rancher/v2.6/en/user-settings/api-keys/_index.md b/content/rancher/v2.6/en/user-settings/api-keys/_index.md index 49aae28a87f..8f2a52a7285 100644 --- a/content/rancher/v2.6/en/user-settings/api-keys/_index.md +++ b/content/rancher/v2.6/en/user-settings/api-keys/_index.md @@ -19,6 +19,8 @@ API Keys are composed of four components: - **Secret Key:** The token's password. For applications that prompt you for two different strings for API authentication, you usually enter the two keys together. - **Bearer Token:** The token username and password concatenated together. Use this string for applications that prompt you for one authentication string. +>Note: Users may opt to enable [token hashing]({{}}/rancher/v2.6/en/api/api-tokens). + ## Creating an API Key 1. Select **User Avatar** > **API & Keys** from the **User Settings** menu in the upper-right.