Is it too much to ask that you would warn organisation admins (and user that created project) that SONAR_TOKEN is expiring and when it has expired… been violently removed.
Also, having a list of project name, create date, creator, token expiry date, last scan would be nice.
Hello Sten,
Thank you for the feedback, I have made an insight for sending token expiration notifications. This is an improvement we are looking forward to implementing.
It is possible to create Scoped Organization Tokens, where you can set a custom expiry date, for a specific set of projects. We are currently working on expanding its scope even more. This is available from team plan and above. If you have access to this, would it help solve your issue until token expiry notifications are implemented?
For the list, would you like all that information to be in the Personal Access token List or the existing projects overview?
Logical place for the list would be either in Admin tools or as a per-project indicator (with number of days left counter) in the project list.
Regarding Scoped Organization Tokens i see no use currently as it has same max age.
Hello Sten,
Thank you for your reply!
We will add this hopefully sooner then later.
We did get to implement improvements to Scoped Organization tokens that might help you out now. As it is possible to create SOT without an expiry, so they will never get deleted unless you choose to. And you can give them access to all current and future projects in your organization.
Hope this helps for now, and I am looking forward to creating an actual token expiry notification for you soon!
I assume that the feature has been implemented.
In the CI/CD pipeline scenario, the token is generated with a short expiration before the evaluation is executed and is deleted immediately afterward.
The warning remains visible in the interface, indicating the expiration of a token that no longer exists.