For supported configurations, you can change how {product-title} authenticates with your cloud provider.
To determine which cloud credentials strategy your cluster uses, see Determining the Cloud Credential Operator mode.
Some organizations require the rotation of the service keys that authenticate the cluster.
You can use the Cloud Credential Operator (CCO) utility (ccoctl) to update keys for clusters installed on the following cloud providers:
modules/rotating-bound-service-keys.adoc :!context: key-rotation-aws
modules/rotating-bound-service-keys.adoc :!context: key-rotation-gcp
modules/rotating-bound-service-keys.adoc :!context: key-rotation-azure :context: changing-cloud-credentials-configuration
Some organizations require the rotation of the cloud provider credentials. To allow the cluster to use the new credentials, you must update the secrets that the Cloud Credential Operator (CCO) uses to manage cloud provider credentials.
After installing {product-title}, some organizations require the removal of the cloud provider credentials that were used during the initial installation. To allow the cluster to use the new credentials, you must update the secrets that the Cloud Credential Operator (CCO) uses to manage cloud provider credentials.
After installing an {azure-first} {product-title} cluster, you can enable {entra-first} to use short-term credentials.