keycloak client secret rotation
Client secret rotation is disabled by default, but you can turn it on by starting Keycloak with the client-secret-rotation feature enabled, as in the following command:
docker run --name mykeycloak -v c:\work\keycloak\conf:/opt/keycloak/conf -p 5000:8080 -e KEYCLOAK_ADMIN=admin -e KC_METRICS_ENABLED=true -e KC_FEATURES=client-secret-rotation -e KC_HEALTH_ENABLED=true -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak start-dev --cache-config-file=cache.xml
Next, configure Keycloak itself. Go to Realm Settings -> Client Policies -> Profiles.
Everything you need to do is on this page. We will:
1. Create a profile (Profiles tab)
2. Create a policy (Policies tab)
Now that we have our bearings, go ahead and create a profile by clicking "Create client profile", which brings you to a new page. Provide a name and click "Save". Next you will see the screen below; click "Add Executor".
Then choose "secret-rotation".
Configure your secret rotation settings and click "Save". Then go back to Realm Settings -> Client Policies (where we started) and click the "Policies" tab.
You will then see the screen below.
We need to provide a name and click "Save". Then we can start to "Add condition", choosing the condition that decides which clients the policy applies to.
Then click "Add". You will go back to the Create policy page. Click "Add client profile" and select the profile you created earlier.
Then click "Save". To apply this to an existing client, click "Regenerate secret"; you will see a second secret (the rotated one) appear on your screen.
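The same setup can be scripted against the Admin REST API instead of clicked through the console, which is handy when you have many realms or want to verify that rotation really kept the old secret alive. The script below is an added example and not part of the original post; it assumes the Keycloak instance started by the docker command above (http://localhost:5000, admin/admin), an existing realm and confidential client (the names passed at the bottom are placeholders), and the executor and condition ids and configuration keys used in the payloads (secret-rotation, client-access-type, expiration, rotated-expiration, remaining-rotation-period), which are taken from Keycloak's client policy providers rather than from the post.

```python
"""Added example: configure Keycloak client secret rotation through the Admin REST API
and check that, after regenerating a secret, both the new and the rotated secret work.
Assumes Keycloak at http://localhost:5000 with the client-secret-rotation feature on."""
import json
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:5000"  # port mapped by the docker run command in the post


def build_profile_payload(profile_name, expiration_s, rotated_expiration_s, remaining_s):
    """Body for PUT /admin/realms/{realm}/client-policies/profiles.
    Durations are seconds; the executor id and keys are assumed from Keycloak's
    ClientSecretRotationExecutorFactory."""
    return {"profiles": [{
        "name": profile_name,
        "description": "rotate client secrets",
        "executors": [{
            "executor": "secret-rotation",
            "configuration": {
                "expiration": str(expiration_s),               # how long a new secret is valid
                "rotated-expiration": str(rotated_expiration_s),  # grace period for the old secret
                "remaining-rotation-period": str(remaining_s),    # window for rotation on update
            },
        }],
    }]}


def build_policy_payload(policy_name, profile_name):
    """Body for PUT /admin/realms/{realm}/client-policies/policies.
    Condition chosen here (assumption): apply to every confidential client."""
    return {"policies": [{
        "name": policy_name,
        "enabled": True,
        "conditions": [{"condition": "client-access-type",
                        "configuration": {"type": ["confidential"]}}],
        "profiles": [profile_name],
    }]}


def _request(method, url, body=None, token=None, form=False):
    """Small JSON/form helper around urllib; returns the decoded body or None on 204."""
    headers, data = {}, None
    if body is not None:
        if form:
            data = urllib.parse.urlencode(body).encode()
            headers["Content-Type"] = "application/x-www-form-urlencoded"
        else:
            data = json.dumps(body).encode()
            headers["Content-Type"] = "application/json"
    if token:
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None


def admin_token(username="admin", password="admin"):
    return _request("POST", f"{BASE_URL}/realms/master/protocol/openid-connect/token",
                    {"client_id": "admin-cli", "grant_type": "password",
                     "username": username, "password": password}, form=True)["access_token"]


def secret_works(realm, client_id, secret):
    """True if the client can obtain a token with this secret (client_credentials grant)."""
    try:
        _request("POST", f"{BASE_URL}/realms/{realm}/protocol/openid-connect/token",
                 {"client_id": client_id, "client_secret": secret,
                  "grant_type": "client_credentials"}, form=True)
        return True
    except urllib.error.HTTPError as err:
        if err.code in (400, 401):  # invalid_client / unauthorized_client
            return False
        raise


def configure_and_rotate(realm, client_id, profile="secret-rotation-profile",
                         policy="secret-rotation-policy"):
    """Create profile + policy, regenerate the client's secret, and report which secrets still work."""
    tok = admin_token()
    admin = f"{BASE_URL}/admin/realms/{realm}"
    # 30-day secrets, 2-day grace for the rotated secret, rotate when <1 day remains (assumed values)
    _request("PUT", f"{admin}/client-policies/profiles",
             build_profile_payload(profile, 30 * 86400, 2 * 86400, 86400), tok)
    _request("PUT", f"{admin}/client-policies/policies", build_policy_payload(policy, profile), tok)
    client = _request("GET", f"{admin}/clients?clientId={urllib.parse.quote(client_id)}", token=tok)[0]
    old = _request("GET", f"{admin}/clients/{client['id']}/client-secret", token=tok)["value"]
    new = _request("POST", f"{admin}/clients/{client['id']}/client-secret", token=tok)["value"]
    # With the policy in place, the previous secret stays valid until rotated-expiration elapses.
    return {"old_secret_valid": secret_works(realm, client_id, old),
            "new_secret_valid": secret_works(realm, client_id, new)}


if __name__ == "__main__":
    print(configure_and_rotate("myrealm", "my-confidential-client"))  # placeholder names
```

Running it should report both secrets as valid immediately after regeneration; if the old one is rejected, the policy's condition did not match the client, which is the first thing to check before assuming rotation is working.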