Skip to main content
Skip table of contents

tokenKeys

This command allows you to view and manage the keys used for signing JSON Web Tokens (JWTs). Signed JWTs are used for communication between the components of the SuperSTAR suite. See the SuperSTAR security overview for more details.

tokenKeys view

List all token keys, including their:

  • Key ID

  • Status

  • Signing expiry

  • Verification expiry

tokenKeys revoke <id>

Revokes the specified key.

This command can be used if the individual key may have been compromised. Once it has been revoked, no tokens signed with the key will be able to be used. Revoking a key automatically promotes the next waiting key and replaces it with a new one.

tokenKeys revokeAll

Revokes all keys.

This command can be used if the instance may have been compromised. Once the keys have been revoked, all current tokens will be invalid.

tokenKeys retire <id>

Makes the specified key inactive.

The key will no longer be used for signing, but will still be used for verification of existing tokens. This happens automatically according to the configured intervals, so is only require to retire a key early. This will not cause any interruption to user activity.

tokenKeys retireActive

Makes all active keys inactive.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close