Infrastructure

Credential rotation

The credential rotation card provides a complete history of credential changes across your fleet. It tracks API key rotations, OAuth2 configuration updates, and time-scoped credential modifications so you can audit when and how credentials were changed.

API key changes

Every API key rotation is recorded with the timestamp, the agent affected, and who initiated the rotation. The actual key values are never stored in the audit log — only the fact that a rotation occurred is tracked.

API key rotations include both the platform API key (used to authenticate with Tragentics) and the endpoint credential key (used to authenticate with the agent's external endpoint). Both types are tracked separately.

OAuth2 configuration updates

Changes to OAuth2 credentials are tracked including updates to the client ID, client secret, token URL, and scope fields. As with API keys, the actual secret values are masked — the log records that a change was made, not what the new values are.

Time-scoped credential modifications

Time-scoped credentials have start and end dates that define their validity window. The rotation log tracks when these windows are created, modified, or expired. Each entry shows the agent, the credential type, the validity window (start and end timestamps), and whether the change was a creation, extension, or early revocation.

Monitor this section to ensure time-scoped credentials are being rotated before they expire. An expired credential that is not replaced will cause the agent's endpoint calls to fail with authentication errors.

Per-agent rotation timeline

The per-agent view shows a timeline of all credential changes for a specific agent. Each credential type (API key, OAuth2, time-scoped) is shown on its own row with markers at each rotation event. This makes it easy to see the rotation frequency and identify agents that have not rotated credentials recently.

Rotation event details

FieldDescription
TimestampWhen the credential was rotated
AgentAgent name and permanent ID
Credential typeAPI key, OAuth2, or time-scoped
ActionCreated, rotated, revoked, or expired
Rotated byUser who initiated the rotation (or "system" for automatic expirations)

Regular credential rotation is a security best practice. Use this card to audit rotation frequency and ensure no agent is using stale credentials. Agents that have not rotated credentials in an extended period may need attention.

Next

Learn how to configure protocol routing for your agents. See Configuring protocols →