How to force password change on next login and set expiration policy for passwords/API keys

[robertahyong]

Hi Paul,

Thanks for the great plugin! We're currently using it for one of our open source projects. I was wondering how to set an expiration policy on user passwords and API keys as well as being able to force a user to change their password on next login. I recently inherited the project and don't have experience with caddy, so I'm probably missing something obvious.

Thanks,

--rob

[greenpau]

@robertahyong , you would need to change the keys/passwords on your own. There is a timestamp on every entry. You can just code something that would replace/remove keys older than. There is not "rotation" so to speak.

[robertahyong]

Thanks for your quick response Paul! My working hours may not be your working hours. Please do not feel the need to respond outside of your working hours. Robert Ah Yong Enterprise Architect, IT Canadian Partnership Against Cancer 145 King Street West, Suite 900 Toronto ON M5H 1J8 Direct: 416-619-6262 Email: ***@***.******@***.***> Subscribe<https://www.partnershipagainstcancer.ca/subscribe/> to email updates from the Canadian Partnership Against Cancer Facebook <http://facebook.com/canadianPartnershipAgainstCancer> | LinkedIn<https://www.linkedin.com/company/canadian-partnership-against-cancer/> ***@***.*** From: Paul Greenberg ***@***.***> Sent: September 17, 2025 2:15 PM To: greenpau/caddy-security ***@***.***> Cc: Robert Ah Yong ***@***.***>; Mention ***@***.***> Subject: Re: [greenpau/caddy-security] How to force password change on next login and set expiration policy for passwords/API keys (Issue #426) [EXTERNAL EMAIL]: Please use caution when clicking links, downloading or opening file attachments. If this email is suspicious, contact the Service Desk. Closed #426<#426> as completed. - Reply to this email directly, view it on GitHub<#426 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABLYYSJZMERL4AZVDYR74WL3TGQLDAVCNFSM6AAAAACGZBYPCCVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJZG42TMNZXGY3DINA>. You are receiving this because you were mentioned.Message ID: ***@***.******@***.***>>