Docs Menu
Docs Home
/
Atlas
/
Programmatic Access
/
Atlas Administration API

Rotate Service Account Secrets

Service account secrets expire after the duration specified when created, anywhere from 8 hours to 365 days. When it's time to rotate the secret, Atlas returns the alert Service Account Secrets are about to expire.

Note

To configure service account alerts, see Configure Alert Settings.

To rotate your service account secret, complete the following steps to generate a new client secret, update your application with the new client secret, and delete the old secret.

You can generate a new client secret and delete the old one using the Atlas UI.

1

In Atlas, go to the Organization Access Manager page.

Warning

Navigation Improvements In Progress

We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Atlas UI, see the preview documentation.

  1. If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.

  2. Do one of the following steps:

    • Select Organization Access from the Access Manager menu in the navigation bar.

    • Click Access Manager in the sidebar.

    The Organization Access Manager page displays.

2

Click the Applications tab.

3

Click Service Accounts.

4

Click the name of a service account.

5

Generate a new client secret.

  1. Click Generate New Client Secret

  2. Choose a duration for the client secret from the menu. The client secret expires after this duration.

  3. Click Generate New.

  4. Click Copy and save the client secret to a secure location. This is the only time you can view the full client secret.

  5. Click Close.

6

Update your application with the new client secret.

Important

Once you generate a new client secret, the old client secret expires within 7 days. This expiration period can be shorter depending on the old secret's original expiration date.

  • If the old secret is set to expire more than 7 days after the new one is created, its expiration is shortened to 7 days from the new secret's creation date.

  • If the old secret is set to expire in less than 7 days from the new one's creation date, the original expiration date is maintained.

To avoid losing access to the Atlas Administration API, update your application with the new client secret as soon as possible.

7

Delete the old client secret.

  1. In the Atlas UI for your service account, click Revoke.

  2. Confirm you want to delete the secret by typing the prompt in the field, then click Revoke Secret.

You can use the Atlas Administration API to:

Important

Once you generate a new client secret, the old client secret expires within 7 days. This expiration period can be shorter depending on the old secret's original expiration date.

  • If the old secret is set to expire more than 7 days after the new one is created, its expiration is shortened to 7 days from the new secret's creation date.

  • If the old secret is set to expire in less than 7 days from the new one's creation date, the original expiration date is maintained.

To avoid losing access to the Atlas Administration API, update your application with the new client secret as soon as possible.

Back

Service Accounts Overview

Next

Versioning Overview