Infrastructure
Credential rotation
The credential rotation card provides a complete history of credential changes across your fleet. It tracks API key rotations, OAuth2 configuration updates, and time-scoped credential modifications so you can audit when and how credentials were changed.
API key changes
Every API key rotation is recorded with the timestamp, the agent affected, and who initiated the rotation. The actual key values are never stored in the audit log — only the fact that a rotation occurred is tracked.
OAuth2 configuration updates
Changes to OAuth2 credentials are tracked including updates to the client ID, client secret, token URL, and scope fields. As with API keys, the actual secret values are masked — the log records that a change was made, not what the new values are.
Time-scoped credential modifications
Time-scoped credentials have start and end dates that define their validity window. The rotation log tracks when these windows are created, modified, or expired. Each entry shows the agent, the credential type, the validity window (start and end timestamps), and whether the change was a creation, extension, or early revocation.
Per-agent rotation timeline
The per-agent view shows a timeline of all credential changes for a specific agent. Each credential type (API key, OAuth2, time-scoped) is shown on its own row with markers at each rotation event. This makes it easy to see the rotation frequency and identify agents that have not rotated credentials recently.
Rotation event details
| Field | Description |
|---|---|
| Timestamp | When the credential was rotated |
| Agent | Agent name and permanent ID |
| Credential type | API key, OAuth2, or time-scoped |
| Action | Created, rotated, revoked, or expired |
| Rotated by | User who initiated the rotation (or "system" for automatic expirations) |
Regular credential rotation is a security best practice. Use this card to audit rotation frequency and ensure no agent is using stale credentials. Agents that have not rotated credentials in an extended period may need attention.
Next
Learn how to configure protocol routing for your agents. See Configuring protocols →