on 11-22-2021 8:01 AM
I'm currently working on Feature-Set-A on the SAP BTP and am trying to rotate the service keys of our services for more security.
This is done by unbinding and binding the services again.
I have noticed that for some services (i.e. the portal service) the service keys don't change. (Everything including the clientsecret stays the same.)
Therefore I was wondering, if this behavior works as designed or if there is an issue with the service key?
I would also appreciate it if someone could link me to good documentation about how service keys work and how they rotate. (I somehow only found documentation for how to create and rotate service keys.)
Thank you very much in advance!
Hi beniseeger_98,
The documentation clearly states that in order to rotate secrets, you must unbind and rebind the instance so the secrets will rotate properly:
Keep in mind that in order to be able to use rotating binding secrets you must enable it on the xs-security.json file when you create your xsuaa instance:
Instance secrets are by-design non-rotatable. Meaning: if you really need the instance secret to change, you must first change the xsappname and redeploy both application and xsuaa instance. This is also explained on the documentation:
Hope this helps.
Best regards,
Ivan
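Added example, not part of the thread: a check that an unbind/rebind actually changed the secret, which is the symptom reported in the question. It compares SHA-256 fingerprints of every `clientsecret` in two saved copies of the application's `VCAP_SERVICES` JSON, so no secret is printed. The instance names, secret values and the nested `uaa` layout of the portal credentials are constructed, and reading a `credential-type` field from the credentials is an assumption.

```python
import hashlib
import json


def secret_fingerprints(vcap_json):
    """Map each credentials path to (SHA-256 prefix of clientsecret, credential-type)."""
    found = {}

    def walk(node, path):
        if isinstance(node, dict):
            secret = node.get("clientsecret")
            if isinstance(secret, str):
                digest = hashlib.sha256(secret.encode()).hexdigest()[:16]
                # Assumption: the credentials carry a "credential-type" field.
                found[path] = (digest, node.get("credential-type", "unknown"))
            for key, value in node.items():
                walk(value, f"{path}/{key}")

    for label, instances in json.loads(vcap_json).items():
        for inst in instances:
            walk(inst.get("credentials", {}), f"{label}/{inst['name']}")
    return found


def rotation_report(before_json, after_json):
    """Return {path: (status, credential-type)} for secrets seen before the rebind."""
    before = secret_fingerprints(before_json)
    after = secret_fingerprints(after_json)
    report = {}
    for path, (old_digest, _) in before.items():
        if path not in after:
            report[path] = ("missing", "unknown")
        else:
            new_digest, ctype = after[path]
            status = "unchanged" if new_digest == old_digest else "rotated"
            report[path] = (status, ctype)
    return report


def sample(uaa_secret):
    # Constructed VCAP_SERVICES snapshot; names, values and layout are made up.
    return json.dumps({
        "xsuaa": [{"name": "my-uaa", "credentials": {
            "clientsecret": uaa_secret, "credential-type": "binding-secret"}}],
        "portal": [{"name": "my-portal", "credentials": {"uaa": {
            "clientsecret": "constructed-P", "credential-type": "instance-secret"}}}],
    })


if __name__ == "__main__":
    for path, result in rotation_report(sample("constructed-A"), sample("constructed-B")).items():
        print(path, *result)
```

An `unchanged` result after a rebind is the signal to treat that credential as still live wherever the old copy was stored.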
Hi ivan.mirisola,
Yes, that helps a lot, thank you very much!
So the portal service uses an instance secret which is currently not very easy to rotate.
Does SAP change the secret type of the portal service to binding secret in the future?
Is there a list of services which use the instance / binding secret today?
Best regards,
Benjamin
Hi beniseeger_98,
The Portal Service has been replaced by Launchpad Service on BTP. This newer service doesn't allow multiple instances as it is subscription based. Therefore, there is no service secret for it. Also, there is no API for the Launchpad service yet.
Would you mind stating the use case you are trying to achieve with binding secrets?
Perhaps with a concrete example we could better assist you.
Best regards,
Ivan