Set Password Expiration

Time updated：2025-12-22 09:26:17

This section describes how to set password expiration to enforce periodic password changes and provide reminders before passwords expire.

Prerequisites

You need to be a member of a cluster and have the cluster-admin role within that cluster.

Log in to the KubeSphere web console as a user with the cluster-admin role and enter your cluster.
Click Configuration > Secret in the left navigation pane.
Search for io.kubesphere.config.platformconfig.security.
Click on the right side of the Secret, then select Edit Settings from the dropdown list.

In the Edit Settings dialog box, click to modify the value of each field. Then click OK.

passwordPolicy:
  expireEnabled: false
  maxAgeDays: 90
  reminderDays: 7

Parameter Description

Parameter	Description
`expireEnabled`	Whether to enable the password expiration feature, which forces periodic password changes.
`maxAgeDays`	If password expiration is enabled, the maximum validity period for a password is 90 days.
`reminderDays`	If password expiration is enabled, the system will start reminding the user 7 days before the password expires.

expireEnabled

Whether to enable the password expiration feature, which forces periodic password changes.

maxAgeDays

If password expiration is enabled, the maximum validity period for a password is 90 days.

reminderDays

If password expiration is enabled, the system will start reminding the user 7 days before the password expires.