1.2.3 Ensure that the --token-auth-file parameter is not set - KubeApiServers

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Do not use token based authentication.


The token-based authentication utilizes static tokens to authenticate requests to the apiserver. The tokens are stored in clear-text in a file on the apiserver, and cannot be revoked or rotated without restarting the apiserver. Hence, do not use static token-based authentication.


OpenShift does not use the token-auth-file flag. OpenShift includes a built-in OAuth server rather than relying on a static token file. The OAuth server is integrated with the API server.


None is required.

Default Value:

By default, --token-auth-file argument is not set and OAuth authentication is configured.

See Also