Automatically Trigger Expired Token Removal

### Description

Elasticsearch supports removal of expired tokens ([created >24h](https://github.com/elastic/elasticsearch/blob/ebe8ea613634c63707b0a32e89a14350a60d6442/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java#L46)). It provides a configurable interval at which the [expired token remover](https://github.com/elastic/elasticsearch/blob/main/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java) should scan for expired tokens and delete them. The interval is controlled via `xpack.security.authc.token.delete.interval` setting. This setting is undocumented but we should fix that. 

Currently, the removal of expired tokens is only triggered when a manual call to the [Invalidate Token API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-security-invalidate-token) is made. This  behaviour is unexpected and can lead to indefinite grow of `.security-tokens` index.

We should improve the expired token remover to be triggered automatically (per defined interval), instead of requiring a call to the invalidate token API.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Automatically Trigger Expired Token Removal #127860

Description

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Automatically Trigger Expired Token Removal #127860

Description

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions