Handling Bearer Tokens across Jobs

I’ve been lazy in a few occasions and basically asking for a new bearer token per job being run. Doesn’t really impact me except for the requirement to make an extra API call in order to grab a new token for every job. I know it’s not best practice but also am unsure what else to do.

I’ve run into a vendor that does not like me asking for a new token for every API call and will start throttling requests. The token expires after 30 minutes.

Has anyone else found a way to store a bearer token securely between jobs? I figure I’ll figure out how to test the bearer token before I make the request, but I just need a way to store the token in something like a secure variable so it can be accessed from job to job and then also update that variable with a new token when it expires.

Might have to save it to a global artifact with the date/time of creation and then in the workflow determine if it has been over 30 minutes.

the only negative to this is saving a secure token in clear text, but depending on how you are capturing the token it will be in the logs anyways.

Thank you for your response. It’s a low risk read only token anyway, so that’s the approach we took. Instead of checking on time, we just built in a check for a non 200 or abnormal response, and at that point just assume the token is expired and it runs the branch to update the token and then update the global artifact. That’s been working very well.