Rotate and Revoke Secrets for the Agent Principal

Rotating secrets is recommended to improve security. This page describes how to rotate and revoke tokens for the Agent Principal.

Guidelines for Rotating and Revoking Secrets

When rotating and revoking secrets, keep the following in mind:

  • After rotation, the old secret remains valid for 30 days.
  • To change when the old secret expires, use revokeRotatedAfter in the JSON payload to specify the duration after which the old secret should expire.
  • If the old secret needs to expire immediately, refer to Rotate Secrets for the Agent Principal.

Requirements for Rotating and Revoking Secrets

To rotate or revoke secrets for the Agent Principal:

  • You need to be a Configuration manager or Tenant Administrator.
  • You need to get an access token.

Rotate Secrets for the Agent Principal

Request:

curl -X "POST" "https://<tenant-vanity-url>/administration/v1beta/clients/agents/{clientId}/secret/rotate" \
     -H 'Authorization: Bearer <token>'

Response:

{
  "credentials": {
    "clientId": "c0e3beb9-9822-4311-ab87-6525df16b5f3",
    "clientSecret": "<new secret>"
  }
}

Revoke Secrets for the Agent Principal

Request:

curl -X "POST" "https://<tenant-vanity-url>/administration/v1beta/clients/agents/{clientId}/secret/revokeRotated" \
     -H 'Authorization: Bearer <token>'

Response:

{
    "status": "OK",
    "message": "All rotated client secrets have been revoked."
}
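
The two calls above combined into one rotation routine, as an added example that is not part of the original documentation: it stores and verifies the new secret before revoking the old one, so a failed rollout leaves the old secret usable. The function names and the store and verify hooks are hypothetical, and the revokeRotatedAfter value is passed through unchanged because its format is not given on this page.

```python
import json
import urllib.parse
import urllib.request

PATH = "/administration/v1beta/clients/agents/{cid}/secret/{action}"  # from this page

def build_request(base_url, client_id, token, action, payload=None):
    """Build the POST for 'rotate' or 'revokeRotated'."""
    if action not in ("rotate", "revokeRotated"):
        raise ValueError(f"unsupported action: {action}")
    cid = urllib.parse.quote(client_id, safe="")  # keep the id inside one path segment
    headers = {"Authorization": f"Bearer {token}"}
    data = None
    if payload is not None:
        data = json.dumps(payload).encode()
        headers["Content-Type"] = "application/json"
    url = base_url.rstrip("/") + PATH.format(cid=cid, action=action)
    return urllib.request.Request(url, data=data, headers=headers, method="POST")

def http_send(req):
    """Default transport: send the request and decode the JSON response."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def rotate_then_revoke(base_url, client_id, token, store, verify,
                       revoke_rotated_after=None, send=http_send):
    """Rotate, persist and verify the new secret, then revoke the old one.

    store/verify are caller-supplied hooks (hypothetical names). The value of
    revoke_rotated_after is passed through unchanged; its format is not given
    on this page. Returns "revoked" or "old-secret-left-to-expire".
    """
    payload = None
    if revoke_rotated_after is not None:
        payload = {"revokeRotatedAfter": revoke_rotated_after}
    body = send(build_request(base_url, client_id, token, "rotate", payload))
    secret = (body.get("credentials") or {}).get("clientSecret")
    if not secret:
        raise RuntimeError("rotate response contained no clientSecret")
    store(client_id, secret)  # persist before anything else; never log or print it
    if not verify(client_id, secret):
        return "old-secret-left-to-expire"  # agents can still use the old secret
    result = send(build_request(base_url, client_id, token, "revokeRotated"))
    if result.get("status") != "OK":
        raise RuntimeError("revokeRotated did not return status OK")
    return "revoked"
```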