Pivotal Knowledge Base


What Should I Do If My Service Credentials Are Compromised?


Pivotal Web Services (PWS): All versions 


Your service credentials may be exposed to unauthorized people if you share the contents of your application logs or the output of a trace. This article answers the question of what you should do if your service credentials are exposed.


The steps you need to follow depend on the service provider you're using.  Most service providers will resent your credentials if you unbind the service from your application, bind it back to the application and restage your application.

$ cf unbind-service my-app my-service
$ cf bind-service my-app my-service
$ cf restage my-app

You can confirm that your service credentials have changed by viewing the credentials for the service.  Instructions for doing that can be found here.

If the steps above do not result in a new set of credentials being issued, please contact Pivotal Support for additional details.


Be careful when resetting your password.  If you use a service-specific tool to change the password, this can result in a difference between the password for the server and the password that is provided to your application by PWS (i.e. through VCAP_SERVICES).  If these differ, it may result in downtime to your application or the inability to access your data.


Powered by Zendesk