Uploaded image for project: 'Red Hat build of Keycloak'
  1. Red Hat build of Keycloak
  2. RHBK-474

Supported Client Secret Rotation

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      Narrative

      Regular rotation of client secrets is an important aspect of keeping a deployment of Keycloak secure. However, there is one complicating factor of rotating secrets, which is that it is almost impossible to co-ordinate the update of the secret in Keycloak and in the application to happen simultaneously. This results in the need to support the new and the old secret for some overlapping period.

      Client secret rotation was introduced as a tech preview feature in Keycloak 18 to provide a solution to the above problem.

      Relevant documentation is available in the server admin guide.

      Value Proposition

      • Allows seamlessly rotating client secrets without disruptions to the client
      • Regular rotation of secrets is a good security practice
      • Making the feature supported makes it possible to use this feature in production deployments

      Acceptance Criteria

      • Review client secret rotation preview feature to consider if it is ready to graduate to a fully supported feature
      • Resolve any important open bugs reported against the feature
      • Feature mark as fully supported and enabled by default

              mposolda@redhat.com Marek Posolda
              mnocon@redhat.com Marek Nocon
              Keycloak Core Clients
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: