Enrolled identities lifespan

How does Ziti maintains identities? If I have 50 servers running with the same identity and get deployed weekly, after a month would I have 200 identities whereas only 50 are valid? Are there any provisions in Ziti to clean up identities in some way?


At the moment, I don’t know of any “automatic expiration” of identities. We have talked about adding that sort of feature, but I don’t think we have due to no demand yet to do so.

Since you can create an identity, you can also delete them. Right now you’ll probably have to maintain this yourself with some sort of cleanup routine in your automation.

1 Like

Is there any attribute in DB I can refer to, to find out when was the identity registered? or any “last established session” timestamp based on which I can write some automation to remove stale identities?

@mguthrie88 provided some good insights here

I have setup metrics… and you can track every time an identity connects to an edge.

This would be a good way to identity which are active or not… to then consider deactivating…

{"namespace":"edge.sessions","event_type":"created","id":"cl7n1rz7n0gm3cr8kr0anrim9","timestamp":"2022-09-04T08:03:49.466506557Z","token":" ","api_session_id":"cl7n1ryw60gm1cr8ko1xu98nb","identity_id":"Wbbn31niU"}

1 Like

This looks very promising. Thanks a lot @markamind

Hrmm. I don’t think we have an “enrolled at” (registered) date. That might be an interesting thing to track. If it’s out there, I didn’t find the right API that would track it yet. If I discover it I’ll post back

1 Like