Re: Client secret rotation in UAA #cf #uaa


Shetty, Viraj S [CTR]
 

What I have found is that when I set the secret, add a secret or delete the secret later for a UAA client- the lastmodified field of the client does not get updated. Ideally, there should be a timestamp for the secret modification, so that it can be found out if a secret needs to be rotated. This would be helpful in agencies where there are policies on credentials rotation. At the very least, I think the last modifiied field should be updated on secret modification. I am at 74.14.0 UAA version. 

Thanks,
Viraj 

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.