Has anyone attempted to rotate passwords automatically for service accounts granted to Ignition in an automated fashion. For instance, Ignition has a service account in Active Directory, this account automatically rotates passwords for security purposes. Is there an automated way for Ignition rotate the passwords it leverages to access external systems? Assume that the external system can push the password to Ignition on a manual trigger.
Personally, I would recommend using a longer complex password and not bother with rotating it. Since it's a service account, no one should be logging in with it, so use something like 25 characters of mixed case, numbers, special characters and you should be fine.
Even NIST no longer recommends doing password changes for users and favors length over complexity. While these guidelines are for users logging in, a service account isn't even used by a regular user, so go as long and complex as you want, but to me, the risk of rotating service passwords (of which you need to restart the gateway for the new password to be used) is worse and riskier than never rotating it and using something stronger.
1 Like
This is where I am leaning. I just figured I would see if anyone had tackled rotating passwords. Thank you for the response!