Make Secret rotation a no-brainer #197

@GenosseOtt

Description

As users of Crossplane, we highly benefit from its desired state methodology.
Getting security-related functionality into this work mode is often asked for - in particular scheduled Secret rotation.

We have seen a rotation mechanism with great user feedback in the BTP service operator.

Desired outcome

  • All listed resources that we want to rotate can be configured for rotationFrequency and rotatedBindingTTL
  • Community-approved approach that puts development experience and security first
  • Notable increase in Rotation of Secrets, proving that IaD makes cloud landscapes more secret!

Approach

  1. Finalize Rotation around ServiceCredentialBinding in CloudFoundry ([FEATURE] Enhance ServiceCredentialBinding for rotate, SAP/crossplane-provider-cloudfoundry#87)
  2. Make BTP ServiceBinding rotatable ([FEATURE] Make ServiceBinding rotatable, SAP/crossplane-provider-btp#244)
  3. Bring together Engineers of both Providers - have list of all Resources to rotate prepared
  4. Decide: On Implementation

Implementation Options

A: Standalone Operator/Function

TBD

B: Go Lib to be used in all Providers

TBD

C: Contribute to 3rd party Tools

TBD

Out of scope
