Why does Cloud Foundry allow creation of multiple service keys when they for provide the same secrets?

Try for example on Pivotal the Elefant SQL or Redis services: You can create multiple service keys with different names, but they contain the same secrets.

I would have thought that in creating different keys I would be able to revoke them independently. Is that only possible for some services?

Solution

The behavior depends on the service broker implementation. The recommended approach is to generate unique values for every binding and service key. Not all service brokers do that though.

For reference, see the open service broker API here -> https://github.com/openservicebrokerapi/servicebroker/blob/v2.13/spec.md#credentials

I know, for example, that the Pivotal MySQL Service Broker follows this advice and generates unique credentials for each binding and service key.

https://github.com/cloudfoundry/cf-mysql-broker

Hope that helps!

Why changing just the `sap.app/id` in the manifest.json causes app to crash?
Push state enabled & context path routing: Static assets are not found on the server
Is the response time from Cloud Foundry RTR Logs in milliseconds or seconds?
Cloud Foundry Java Client in Springboot: login through /oauth/token fails
Solidity Error: Identifier not found or not unique (UserOperation)
Alternative to Terraform `lifecycle` for modules
GYP ERR! build error. stack Error: 'make' failed with exit code 2
Error staging application: App staging failed in the buildpack compile phase in HWC Buildpack
Trying to update Spring Cloud Dataflow v2.9.4 to 2.11.2 on Pivotal CloudFoundry but getting errors during deployment
Accessing user provided env variables in cloudfoundry in Spring Boot application
Cloud Foundry : Java Build Pack : Opentelemtry Javagent extension integration with jar from a repo
SAP UI5 Live Search in Input Box causing out of memory for the app on SAP BTP
Connectivity issues "ECONNRESET" with dynamic storage s3 and node.js
App deployed on PCF trying to find config at localhost:8888 even when the cloud foundry provided config server is binded with app
how to check running application's buildpack In cloudfoundry
How can the locale and encoding set in cloudfoundry buildpack docker image built by spring boot gradle task "bootBuildImage"
How can i set msg.sender inside foundry script to account from encrypted keystore?
Hazelcast instances not connecting to Master over TCP
cloudfoundry java buildpack memory changes not reflecting
Pivotal Web Services: Flyway Enterprise Edition or MySQL upgrade required
Rolling restart of cloudfoundry application
Spring boot application restart automatically when Cloud foundry updates/upgrade
how to use apt-buildpack from cloudfoundry repo
How to use the java-buildpack together with the apt-buildpack?
Difference between cf push and cf restage
Cp: target is not a directory
How to map a route in Pivotal Cloud Foundry to a landing page
Can a Cloud Foundry app ssh to itself with key authentication?
Problem deploying S4SDK application in Cloud Foundry
Are exported environment variables set in .profile.d scripts persistent in cloudfoundry container?