Skip to content

Commit

Permalink
Update readme (#419)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kerenlahav
kerenlahav committed Apr 10, 2024
1 parent 5dfa0b6 commit 653dd67
Showing 1 changed file with 7 additions and 9 deletions.
16 changes: 7 additions & 9 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -577,11 +577,13 @@ Enhance security by automatically rotating the credentials associated with your

To enable automatic service binding rotation, use the `credentialsRotationPolicy` field within the `spec` section of the `ServiceBinding` resource. This field allows you to configure several parameters:

| Parameter | Type | Description | Valid Values |
|:-----------------|:---------|:---------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------|
| `enabled` | bool | Turns automatic rotation on or off. | |
| `rotationFrequency` | string | Defines the desired interval between binding rotations. Specify time units using "m" (minutes) or "h" (hours). Note that | "m", "h" | |
| `rotatedBindingTTL` | string | Determines how long to keep the old `ServiceBinding` after rotation (before deletion). The actual TTL may be slightly longer (details below). Specify time units using "m" (minutes) or "h" (hours). | "m", "h" |
| Parameter | Type | Description | Valid Values |
|:-----------------|:---------|:----------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------|
| `enabled` | bool | Turns automatic rotation on or off. | |
| `rotationFrequency` | string | Defines the desired interval between binding rotations. | "m" (minute), "h" (hour) | |
| `rotatedBindingTTL` | string | Determines how long to keep the old `ServiceBinding` after rotation (before deletion). The actual TTL may be slightly longer (details below). | "m" (minute), "h" (hour) |

** **The `credentialsRotationPolicy` has no control over the validity of the credentials. The content and expiration time of the credentials is determined by the service you're using.**

### Rotation Process

Expand All @@ -591,10 +593,6 @@ The `credentialsRotationPolicy` is evaluated periodically during a [control loop

You can trigger an immediate rotation (regardless of the configured `rotationFrequency`) by adding the services.cloud.sap.com/forceRotate: "true" annotation to the `ServiceBinding` resource. This immediate rotation only works if automatic rotation is already enabled.

**Note**

The `credentialsRotationPolicy` has no control over the validity of the credentials. The content and expiration time of the credentials is determined by the service you're using.

**Example**

This example configures a `ServiceBinding` to rotate credentials every 25 days (600 hours) and keep the old `ServiceBinding` for 2 days (48 hours) before deleting it:
Expand Down

0 comments on commit 653dd67

Please sign in to comment.