Skip to navigationSkip to main contentSkip to footerScaleway DocsAsk our AI
Ask our AI
Log inSign up

How to set and manage credential maximum duration

For increased security in your Organization, you can define a maximum duration for credentials (console sessions and API keys) created within it. Limiting credential lifetime reduces the risk of leaked or compromised credentials remaining valid at the time of exposure.

Important

The security measures described on this page apply to credentials of both Owners and IAM members.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization

How to set a maximum duration for API keys

You can define a maximum duration for all API keys created inside your Organization. By default, API keys do not expire unless the creator specifies an expiration date when creating them.

Note

The maximum duration applies to all new API keys created in the Organization including those of Owners, Members, and Applications.

  1. Go to your security settings.

  2. Scroll to the Credential limitations section.

  3. Click *Set up API keys duration. A pop-up appears.

  4. Choose the maximum duration allowed for API keys in the Organization.

    Important

    Setting a maximum duration does not affect existing API keys. To enforce a new time-to-live policy on older API keys, you must either:

    • Add an expiration date to any API key that does not have one
    • Revoke and recreate an API key if it already has an expiration date that does not comply with the new maximum duration

    It is not possible to modify the expiration date of an existing API key.

  5. Click Confirm.

The maximum duration now applies to all newly created API keys. Users must specify an expiration date that complies with this limit. Any API key created with no expiration date or a duration exceeding the limit will result in an error.

How to edit or remove a maximum duration for API keys

  1. Go to your security settings.
  2. Scroll to the Credential limitations section.
  3. Click *Set up API keys duration. A pop-up appears.
  4. In the pop-up, you can:
    • Select a new maximum duration
    • Remove the limitation entirely
    Important

    As with the initial setup, modifying the maximum duration does not retroactively affect existing API keys.

  5. Click Confirm.

How to define a maxium duration for console sessions

A console session corresponds to the period during which a user is logged in to the Scaleway console and able to perform actions (view, create, manage resources). Sessions end when the user logs out, or automatically when the maximum duration is reached. All console sessions have a maximum duration. By default, if not manually configured, the maximum duration is 30 days.

The maximum duration applies to console sessions of both Owners and Members.

  1. Go to your security settings.
  2. Scroll to the Credential limitations section.
  3. Click Edit in the Console session maximum duration section. A pop-up appears.
  4. Choose the maximum allowed duration for console sessions in your Organization.
    Important

    This setting affects all console sessions, including already active ones.
    The change may take up to one hour to fully apply.

  5. Click Confirm.
See Also
How to set up SSO with AuthentikHow to create an application
Still need help?

Create a support ticket
No Results