Change the default token lifetime

Tokens have a default authentication lifetime of one hour, but this default value can be adjusted in the console. You can also change the maximum permitted lifetime, which defaults to 10 years.

1. In the console, click Node groups.
2. Open the PE Infrastructure node group and click the PE Console node group.
3. On the Classes tab, find the puppet_enterprise::profile::console class.
4. In the Parameter field, select the parameter you want to adjust:
   • rbac_token_auth_lifetime: Set the default token lifetime. The default is one hour.
   • rbac_token_maximum_lifetime: Set the maximum allowable lifetime for all tokens. The default is 10 years.
5. In the Value field, enter the new default authentication lifetime.

   Specify a numeric value followed by:

   • y (years)
   • d (days)
   • h (hours)
   • m (minutes)
   • s (seconds)

   For example, 12h sets the lifetime to 12 hours.

   Do not add a space between the numeric value and the unit of measurement.

   If you do not specify a unit, it is assumed to be seconds (s).

   The rbac_token_auth_lifetime cannot exceed the rbac_token_maximum_lifetime value.

6. Click Add parameter, and commit changes.