[cf-dev] Client secret rotation in UAA #uaa #cf


Shetty, Viraj S [CTR] via lists.cloudfoundry.org
Hi All, 

I am trying to create an automation script which will rotate the client secret every 30 days. I am trying to see if there is an API in UAA which will give me the timestamp of the last time the secret was changed for a client. The retrieve client API does not seem to provide that information. I think the lastmodified field on the retrieve client API is the timestamp of the last time any of the attributes of the client changed. Is this field (timestamp when secret was changed) available in UAA? If not, then I would probably just run the automation script every 90 days and force the secret rotation for all clients.

Any help is appreciated 

Thanks,
Viraj 
Reminder that all communication on this mailing list is subject to the Cloud Foundry Foundation's code of conduct, which can be found here: https://www.cloudfoundry.org/code-of-conduct/
Re: [cf-dev] Client secret rotation in UAA #uaa #cf

Shetty, Viraj S [CTR] via lists.cloudfoundry.org
What I have found is that when I set the secret, add a secret or delete the secret later for a UAA client, the lastmodified field of the client does not get updated. Ideally, there should be a timestamp for the secret modification, so that it can be found out if a secret needs to be rotated. This would be helpful in agencies where there are policies on credentials rotation. At the very least, I think the last modified field should be updated on secret modification. I am at 74.14.0 UAA version.

Thanks,
Viraj 
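
Added example, not part of the original posts and not UAA code: since the thread reports that UAA exposes no per-secret timestamp, a rotation script can keep its own ledger and use it to decide when to add a new secret and when to delete the old one. The ledger layout, client names, sample dates and the one-day overlap window are assumptions; the actual add/delete secret calls against UAA are left to the caller.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=30)  # rotation interval mentioned in the first post
OVERLAP = timedelta(days=1)   # assumed grace period while old and new secrets both work


def plan(ledger, client_ids, now):
    """Return {client_id: action}; action is 'ADD', 'DELETE' or None."""
    actions = {}
    for cid in client_ids:
        entry = ledger.get(cid)
        if entry is None:
            # No record of this client: its secret age is unknown, so treat it as due.
            actions[cid] = "ADD"
            continue
        age = now - datetime.fromisoformat(entry["rotated_at"])
        if entry["old_secret_present"]:
            # A rotation is in progress: drop the old secret once the overlap has passed.
            actions[cid] = "DELETE" if age >= OVERLAP else None
        else:
            actions[cid] = "ADD" if age >= MAX_AGE else None
    return actions


def record(ledger, cid, action, now):
    """Update the ledger after the caller has applied the action in UAA."""
    if action == "ADD":
        ledger[cid] = {"rotated_at": now.isoformat(), "old_secret_present": True}
    elif action == "DELETE":
        ledger[cid]["old_secret_present"] = False
    return ledger


# Constructed sample data (hypothetical clients and dates).
NOW = datetime(2020, 6, 1, tzinfo=timezone.utc)
LEDGER = {
    "app-a": {"rotated_at": "2020-04-20T00:00:00+00:00", "old_secret_present": False},
    "app-b": {"rotated_at": "2020-05-20T00:00:00+00:00", "old_secret_present": False},
    "app-c": {"rotated_at": "2020-05-30T00:00:00+00:00", "old_secret_present": True},
}
CLIENTS = ["app-a", "app-b", "app-c", "app-new"]

if __name__ == "__main__":
    for cid, action in plan(LEDGER, CLIENTS, NOW).items():
        print(cid, action)
```
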