Ability to reset secret of DVLS Application/API

Implemented

0 vote

Hello,

If an 'Application' is created in DVLS (for use by PowerShell scripts, for example), there is no way to reset the secret that was originally generated. This becomes problematic if the secret becomes compromised (or needs to be rotated), and the respective Application has been granted access to specific entries elsewhere in DVLS. Currently the only workaround is to create a new Application, and then grant it access to all the same resources, which can be difficult to identify.

Ideally there would be a simple way to reset the secret of an existing application, similar to how Azure allows for multiple versions of a secret https://learn.microsoft.com/en-us/rest/api/keyvault/secrets/update-secret/update-secret?tabs=HTTP

Please let me know if further clarification is required.

Thanks

All Comments (10)

Hello,

Thank you for your suggestion. We already have a ticket in our backlog. We are not sure that we would like to reset the secret. What we would like to implement is supporting many secrets for the same key. You could delete a secret and create a new one. But each secret would be visible once at the creation. Let us know if it would not work for you. I don't have an ETA for now, but we will prioritize the ticket and let you know when we will work on a solution.

Best regards,

François Dubois

Hi François,

Thanks for your assistance with this one. Yes, being able to generate a new (or multiple) secret/s for the same key would be perfect.

Joe

Hi Richard,

We are in the same situation, as we tend to rotate application secrets regularly while heavily integrating DVLS in our scripting. Secret rotation should be a base feature, as many IdPs tend to issue short-lived application secrets with a lifetime of less than a year. Can you tell us the priority this ticket has in your backlog?

Hello,

I agree that rotating passwords is a good idea. We didn't think that people would like to rotate a secret that is probably used in a script. I assume here that you would like to rotate it via PowerShell or an API? It is not planned short term, but we will consider it.

Best regards,

François Dubois

Hi François,

Thanks for your positive reply.
Rotating it via PS or API would be ideal, but the GUI would be OK, too. I think implementing the feature via API / PS would be more consistent, though.

Cheers,
Fabian

Hi François,

Is there an ETA for when this feature would be available?

Thanks
Joe

Hello Joe,

I can't promise, but we will try to add a quick win for 2024.1, planned for next February. We will probably add a simple way to reset the current secret. I know that I talked about managing a secret list in a previous message, but we will probably do a first step for now. We will post here once we have an update.

Best regards,

François Dubois

That would be great, thanks François

Hi François,

Confirmed this feature is available with 2024.3.2. Thanks for your help on this one.

Joe

Hello Joe,

I'm glad to hear that. I'm moving that thread to implemented.

Best regards,

François Dubois