New clientsecrets are created every time you bind a service.
The
clientsecretincluded in theVCAP_SERVICESsection of your application is specific to the binding.
This allows you to rotate secrets by unbinding and then binding the SAP Job Scheduling service instance again to the application.
The clientsecret assigned to the service instance becomes invalid if you unbind the service and the access token requests to the SAP Job Scheduling service REST API using it fail.
Before this change, service instances using instance level secrets continue to use these and they remain valid. It's possible to rotate these out for binding level secrets by rebinding the service instance to the application.
Related Information