Scenario #300
Security
Kubernetes v1.24, Self-Hosted

Token Reuse After Namespace Deletion and Recreation

A previously deleted namespace was recreated, and old tokens (from backups) were still valid and worked.

What Happened

A developer restored a backup that included secrets from a deleted namespace. The restored token was still valid and allowed access to cluster resources.

Diagnosis Steps
  1. Found access via old token in logs.
  2. Verified namespace was deleted, then recreated with same name.
  3. Checked secrets in restored backup.
Root Cause

Static tokens persisted after deletion and recreation.

Fix/Workaround
• Rotated all tokens after backup restore.
• Implemented TTL-based token policies.
Lessons Learned

Tokens must be invalidated after deletion or restore.

How to Avoid
  1. Don’t restore old secrets blindly.
  2. Rotate and re-issue credentials post-restore.
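
An added example (not from the original scenario write-up): a pre-restore check that lists the service-account token Secrets in a backed-up Secret dump, flags those whose JWT carries no `exp` claim, and builds a copy of the dump without them. It assumes the backup is a JSON Secret list as produced by `kubectl get secrets -o json`; the namespace, names and token in `SAMPLE_DUMP` are constructed.

```python
import base64
import json

SA_TOKEN_TYPE = "kubernetes.io/service-account-token"

def jwt_claims(jwt):
    # JWT payload is unpadded base64url; restore padding before decoding.
    seg = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def audit_backup(dump):
    """One finding per service-account token Secret in a backed-up Secret list."""
    findings = []
    for item in dump.get("items", []):
        if item.get("type") != SA_TOKEN_TYPE:
            continue
        meta = item["metadata"]
        sa = meta.get("annotations", {}).get("kubernetes.io/service-account.name")
        finding = {"namespace": meta.get("namespace"), "secret": meta["name"],
                   "service_account": sa, "exp": None, "static": True}
        try:
            claims = jwt_claims(base64.b64decode(item["data"]["token"]).decode())
            finding.update(exp=claims.get("exp"), static="exp" not in claims)
        except (KeyError, IndexError, ValueError, AttributeError):
            pass  # unreadable token: leave it flagged so it still gets rotated
        findings.append(finding)
    return findings

def without_sa_tokens(dump):
    """Copy of the dump with token Secrets dropped, for use as the restore input."""
    keep = [i for i in dump.get("items", []) if i.get("type") != SA_TOKEN_TYPE]
    return {**dump, "items": keep}

def sample_token(claims):
    # Constructed sample: unsigned JWT-shaped string, not a real credential.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    jwt = ".".join([enc({"alg": "RS256"}), enc(claims), "sig"])
    return base64.b64encode(jwt.encode()).decode()

SAMPLE_DUMP = {"kind": "List", "items": [  # constructed backup contents
    {"type": SA_TOKEN_TYPE,
     "metadata": {"namespace": "payments", "name": "ci-deployer-token-x7k2p",
                  "annotations": {"kubernetes.io/service-account.name": "ci-deployer"}},
     "data": {"token": sample_token({"iss": "kubernetes/serviceaccount"})}},
    {"type": "Opaque", "metadata": {"namespace": "payments", "name": "db-password"},
     "data": {"password": "Y29uc3RydWN0ZWQ="}},
]}

if __name__ == "__main__":
    print(json.dumps(audit_backup(SAMPLE_DUMP), indent=2))
```

Every Secret reported with `"static": true` is a credential to rotate rather than restore; the output of `without_sa_tokens` keeps the remaining Secrets for the restore itself.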