This article discusses about what to do if service credentials in the Pivotal Web Services are compromised.

The service credentials in the Pivotal Web Services (PWS) are sometimes exposed to the unauthorized people if the contents of the application logs or the output of a trace are shared among the public. This article discusses what to do if your service credentials are exposed.

The steps you need to follow depend on the service provider you are using. Most of the service providers send your credentials again if you unbind the service from your application. You need to bind the services back to the application and restage your application.

$ cf unbind-service my-app my-service
$ cf bind-service my-app my-service
$ cf restage my-app

Confirm that your service credentials have changed by viewing the credentials for the service. Instructions for doing that can be found here.

If the steps above do not result in a new set of credentials being issued, contact Pivotal Support for additional details.

Risks

Be careful when resetting your password. If you use a service-specific tool to change your password, it can result in a difference between the password for the server and the password that is provided to your application by PWS (i.e. through VCAP_SERVICES). If these differ, it may result in downtime of your application or the inability to access your data.