Rotate Credentials

Regularly rotating key material is essential to maintaining security and meeting compliance requirements. Login 3.0 supports credential rotation to help prevent unauthorized access in case of key leakage. Credential management, including rotation, is handled in coordination with the UPBOND team.


Steps to Rotate Application Credentials

  1. Contact the UPBOND Team:

    Provide the following details:

    • Application name or Client ID.

    • Public key in PEM format for the new credential.

    • Desired signing algorithm (e.g., RS256 or PS256).

  2. Add a New Credential:

    The UPBOND team will:

    • Add a new credential to your application.

    • Set the credential for use with the private_key_jwt authentication method.

  3. Update Applications:

    • Update your application configuration to use the new credential for signing and authentication.

    • Test your application to ensure seamless functionality with the new credential.

  4. Deactivate and Remove Old Credentials:

    After confirming that the application works correctly with the new credential:

    • Request the UPBOND team to disable the old credential.

    • Once disabled, the old credential will be deleted to maintain the two-credential storage limit.


Active Credentials

Login 3.0 allows up to two active credentials for an application at any time. During credential rotation:

  • Older credentials remain active temporarily to ensure zero downtime.

  • Applications can use any active credential to send signed assertions during the transition.

Best Practices:

  • **Minimize Overlap:** Reduce the time during which multiple credentials are active to minimize security risks.

  • **Test Thoroughly:** Before deactivating old credentials, verify that all applications have successfully transitioned to the new credential.


Benefits of Regular Credential Rotation

  • **Enhanced Security:** Reduces the risk of unauthorized access due to compromised keys.

  • **Compliance:** Helps meet industry standards and regulatory requirements for key management.


Key Recommendations

  • **Coordinate with the UPBOND Team:** Always involve the UPBOND team for credential rotation to ensure proper configuration and minimize disruptions.

  • **Test After Rotation:** Confirm that all applications using the credential operate correctly with the new configuration.

  • **Monitor for Errors:** After rotation, monitor application logs for any issues related to authentication or signing.
