I am trying to create an automation script which will rotate the client secret every 30 days. I am trying to see if there is an API in UAA which will give me the timestamp of when the last time secret was changed for a client. The retrieve client API does not seem to provide that information. I think the lastmodified field on retrieve client API is the last timestamp when any of the attributes of the client changed. Is this field (timestamp when secret was changed) available in UAA? If not, then I would probably just run the automation script every 90 days and force the secret rotation for all clients.
Re: [cf-dev] Client secret rotation in UAA #uaa #cf
What I have found is that when I set the secret, add a secret or delete the secret later for a UAA client- the lastmodified field of the client does not get updated. Ideally, there should be a timestamp for the secret modification, so that it can be found out if a secret needs to be rotated. This would be helpful in agencies where there are policies on credentials rotation. At the very least, I think the last modifiied field should be updated on secret modification. I am at 74.14.0 UAA version.