Pivotal Knowledge Base

Follow

What Should I Do If My Service Credentials Are Compromised?

Symptoms

Your service credentials may be exposed to unauthorized people if you share the contents of your application logs or the output of a trace. This article answers the question of what you should do if your service credentials are exposed.

Resolution

The steps you need to follow depend on the service provider you're using.  Most service providers will resent your credentials if you unbind the service from your application, bind it back to the application and restage your application.

$ cf unbind-service my-app my-service
$ cf bind-service my-app my-service
$ cf restage my-app

You can confirm that your service credentials have changed by viewing the credentials for the service.  Instructions for doing that can be found here.

If the steps above do not result in a new set of credentials being issued, please contact Pivotal Support for additional details.

Impact / Risks

Be careful when resetting your password.  If you use a service specific tool to change the password, this can result in a difference between the password for the server and the password that is provided to your application by PWS (i.e. through VCAP_SERVICES).  If these differ, it may result in downtime to your application or the inability to access your data.

Comments

Powered by Zendesk