---
security:
  - The admin_token method of authentication was never intended to be
    used for any purpose other than bootstrapping an install. However
    many deployments had to leave the admin_token method enabled due
    to restrictions on editing the paste file used to configure the
    web pipelines.  To minimize the risk from this mechanism, the
    `admin_token` configuration value now defaults to a python `None`
    value.  In addition, if the value is set to `None`, either explicitly or
    implicitly, the `admin_token` will not be enabled, and an attempt to
    use it will lead to a failed authentication.