[GH-ISSUE #2322] [Feature Request] Limit use of installer token #1436

New issue

Open

opened 2026-03-02 02:23:09 +03:00 by kerem · 1 comment

kerem commented 2026-03-02 02:23:09 +03:00

Owner

Copy link

Originally created by @P6g9YHK6 on GitHub (Oct 20, 2025).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/2322

Is your feature request related to a problem? Please describe.
We can currently set how long a token is valid, but there is no way to limit how many times a token can be used. This creates a security gap: if someone discovers a token, they can reuse as many time it wishes until it expires, which may lead to unexpected agents appearing on the dashboard.

Describe the solution you'd like
Add a “max uses” option for tokens (in addition to expiry). When set, the token becomes invalid after it has been used the configured number of times. Expose this option in the UI when creating tokens and enforce it server-side for all token validation logic.

Originally created by @P6g9YHK6 on GitHub (Oct 20, 2025). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/2322 **Is your feature request related to a problem? Please describe.** We can currently set how long a token is valid, but there is no way to limit how many times a token can be used. This creates a security gap: if someone discovers a token, they can reuse as many time it wishes until it expires, [which may lead to unexpected agents appearing on the dashboard.](https://docs.tacticalrmm.com/faq/#help-ive-been-hacked-and-there-are-weird-agents-appearing-in-my-tactical-rmm) **Describe the solution you'd like** Add a “max uses” option for tokens (in addition to expiry). When set, the token becomes invalid after it has been used the configured number of times. Expose this option in the UI when creating tokens and enforce it server-side for all token validation logic. <img width="575" height="743" alt="Image" src="https://github.com/user-attachments/assets/6cd238fe-8363-4139-b4ae-64da9e7d8a24" />

kerem commented 2026-03-02 02:23:10 +03:00

Author

Owner

Copy link

@Kf637 commented on GitHub (Nov 23, 2025):

Would be useful.

<!-- gh-comment-id:3568168467 --> @Kf637 commented on GitHub (Nov 23, 2025): Would be useful.

kerem referenced this issue 2026-03-14 05:39:41 +03:00

[GH-ISSUE #1436] Enable RDP in deployment link doesn't enable RDP #2840

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

master

1.0.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.20.1

v0.20.0

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.2

v0.18.1

v0.18.0

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.5

v0.16.4

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.12

v0.15.11

v0.15.10

v0.15.9

v0.15.8

v0.15.7

v0.15.6

v0.15.5

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.8

v0.14.7

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.32

v0.4.31

v0.4.30

v0.4.29

v0.4.28

v0.4.27

v0.4.26

v0.4.25

v0.4.24

v0.4.23

v0.4.22

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

In Process

  

bug

  

bug

  

dev-triage

  

documentation

  

duplicate

  

enhancement

  

fixed

  

good first issue

  

help wanted

  

integration

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

requires agent update

  

security

  

ui tweak

  

wontfix

No labels

In Process

bug

bug

dev-triage

documentation

duplicate

enhancement

fixed

good first issue

help wanted

integration

invalid

pull-request

question

requires agent update

security

ui tweak

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/tacticalrmm#1436

No description provided.