Does Mend Rotate User Keys?
Not automatically. Any User Key rotation must be done manually either via the UI or by API.
UI Method:
Removing and generating a new user key (NOTE: this can only be done by the user currently logged in):
API Method:
API 1.4 - This API request can be used by an administrator of an organization to rotate the user key of either a normal user or a service user. The major caveat in using this request is that the original user key must be supplied as part of the request body.
API 2.0 - This API request can be used by an administrator of an organization to rotate the user key of a service user only. The previous user key is not required in this, and as such can only rotate user keys of service users because they can only hold one key.
Removing access for a UserKey
Mend also provides the ability to remove access to a user key by enforcing that the user log in at least once during a given period (between 7-90 days). To do this, SAML must be enabled on the organization, and then an Administrator can enable this by logging into the Legacy Mend UI → Admin → SAML Integration, and then click “Verify user key via UI login after set period of 7-90 days” and then set the number of desired days, followed by Save.