Recommendation
Rotate secrets and key pairs regularly, or immediately if they are compromised.
Currently, key rotation is a manual process. To rotate a secret or key pair, a new one must be created. It is not possible to amend an existing secret or key pair.
Rotate a secret/key pair
Go to the ALSAASPM-N-164 and create a new secret / key pair.
-
In the Secret settings or Key pair settings section, copy the Reference, e.g.,
[FILE]/secrets/my-secret, and paste it unchanged into the relevant configuration file or into the IAM Config Editor, replacing the existing reference.ⓘ
Note that the secret value is not displayed.
Zip the configuration and upload it.
Activate the configuration.
Test the configuration.
Delete the replaced secret or key pair in the Vault.
Reactivate the configuration and test again to ensure the new references are in effect.
Notice
Changing a secret or key pair takes effect only after the next IAM configuration activation.
Rotate a certificate without changing the private key
Issue and downloaded a new CSR from the respective key pair.
Sign the CSR and upload the certificate.
Reactivate the current configuration. No modification of the tenant IAM configuration is necessary.