You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/manage/security/access-keys.md
+6-5Lines changed: 6 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -100,7 +100,7 @@ an Access-Control-Allow-Origin header.
100
100
:::note
101
101
After an access key is deactivated, there can be a brief period of time during which a previous successful authentication remains cached and a subsequent API request using the deactivated key will succeed. This could occur if the access key was used to authenticate within 15 minutes prior to the key being deactivated.
102
102
:::
103
-
***Rotate**. Refresh an access key with a new Access ID and Access Key. Copy the new ID and key and use them in all the places where the previous access key was used. Rotate access keys in accordance with your company's rules. By default, access keys expire in 180 days after creation or rotation, though the [access keys expiration policy](#access-keys-expiration-policy) can be updated by a Sumo Logic administrator. An access key's expiration date appears in the **Expires At** column.
103
+
***Rotate**. Refresh an access key with a new Access ID and Access Key. Copy the new ID and key and use them in all the places where the previous access key was used. (The old key is still usable for 5 minutes after rotation.) Rotate access keys in accordance with your company's rules. By default, access keys expire in 180 days after creation or rotation, though the [access keys expiration policy](#access-keys-expiration-policy) can be updated by a Sumo Logic administrator. An access key's expiration date appears in the **Expires At** column.
104
104
***Delete**. Permanently removes the access key. The key will no longer be usable for API calls. However, deleting a key used to register a collector does not affect the collector, since the only time a collector uses the access key is at installation.
105
105
106
106
### Organization access keys
@@ -129,21 +129,22 @@ To configure the access keys deactivation policy:
129
129
130
130
Sumo Logic will expire and deactivate access keys by default 180 days after the keys are created or rotated. Automatically expiring keys ensures they don't remain in use past your company's access key rotation rules.
131
131
132
-
An access key's expiration date appears in the **Expires At** column on the **Access Keys** tab. You can sort by this column to see when you must rotate keys. To rotate a key, hover your mouse over an access key, click the three-dot kebab icon, and select **Rotate**. Rotating an access key resets its expiration date according to the number of days in the policy.
132
+
An access key's expiration date appears in the **Expires At** column on the **Access Keys** tab. You can sort by this column to see when you must rotate keys. To rotate a key, hover your mouse over an access key, click the three-dot kebab icon, and select **Rotate**. (The old key is still usable for 5 minutes after rotation.) Rotating an access key resets its expiration date according to the number of days in the policy.
133
133
134
134
An administrator can adjust the time period before access keys expire. To configure this option, you must be a Sumo Logic Administrator or have the **Manage organization settings** role capability.
135
135
136
136
To configure the access keys expiration policy:
137
137
1.[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Security > Policies**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Administration**, and then under **Account Security Settings** select **Policies**. You can also click the **Go To...** menu at the top of the screen and select **Policies**.
138
138
1. Under the **Access Keys Expiration** section, select a value in the **Expiration** field. <br/><img src={useBaseUrl('img/security/access-key-expiration-policy.png')} alt="Access keys expiration settings in Sumo Logic, allowing automatic expiration of API access keys after a specified number of days." style={{border: '1px solid gray'}} width="600"/>
139
-
:::warning
140
-
When you change the policy, all access keys inherit the new policy, and the expiration date for all access keys is reset. For example, if you change the policy to 90 days, then the expiration date is reset on all access keys to 90 days from the date the policy was changed.
141
-
:::
142
139
143
140
:::note
144
141
This section is visible to Administrators only.
145
142
:::
146
143
144
+
:::warning
145
+
When you change the policy, all access keys inherit the new policy, and the expiration date for all access keys is reset. For example, if you change the policy to 90 days, then the expiration date is reset on all access keys to 90 days from the date the policy was changed.
146
+
:::
147
+
147
148
## Audit logging for access key activity
148
149
149
150
Access key events are recorded in the Audit Event Index. To search for for access key events, run this query:
0 commit comments