ALTER SERVICE ACCOUNT modifies service account settings.
ALTER SERVICE ACCOUNT username ENABLE- enables service account.
ALTER SERVICE ACCOUNT username DISABLE- disables service account.
ALTER SERVICE ACCOUNT username WITH PASSWORD password- sets password for the service account.
ALTER SERVICE ACCOUNT username WITH NO PASSWORD- removes password for the service account.
ALTER SERVICE ACCOUNT username CREATE TOKEN TYPE JWK- adds Json Web Key to the service account. Returns public key (x, y) and private key. The private key is not stored in QuestDB.
ALTER SERVICE ACCOUNT username DROP TOKEN TYPE JWK- removes Json Web Key from the service account.
Removing a password is not possible using
WITH PASSWORD '' as it will reject
Result of commands above can be verified with
SHOW USER, e.g.
Here, the TTL (Time-to-Live) value should contain an integer and a unit, such as
1m. The supported units are:
The minimum allowable TTL value is 1 minute and the maximum value is 10 years (10 * 365 days).
REFRESH modifier is optional. When the
REFRESH modifier is specified,
the token's expiration timestamp will be refreshed on each successful
Many QuestDB Enterprise instances run within active database replication clusters. With replication enabled, the REST API token will be refreshed on successful authentication to the primary node. The token will not be refreshed during successful authentications to replica nodes.
Therefore, tokens with the
REFRESH modifier are for use only on the
The result of the above commands can be verified with
SHOW SERVICE ACCOUNT: