Reading about Docker’s account data compromise and I wonder how many organizations include token security as part of their general security practices. Maybe not routine changes (although I’d go that direction to everyone knows how to do it!), but are tokens revoked and re-issued when a member leaves the group?