Our Blog

Amazon Cognito enhances client secret management with secret rotation and custom secrets

Published
February 26, 2026
https://aws.amazon.com/about-aws/whats-new/2026/02/amazon-cognito-client-secret-lifecycle/

Amazon Cognito Client Secret Lifecycle Management

Amazon Cognito has introduced enhancements to client secret lifecycle management for app clients of Cognito user pools, including client secret rotation and support for custom client secrets. This update allows for secure sign-in and access control for users, AI agents, and microservices.

  • New Features: Option to bring your own custom client secrets for new or existing app clients and rotate client secrets on-demand.
  • Benefits: Address needs for organizations with periodic credential rotation requirements, improve security posture, and facilitate migration from other authentication systems to Cognito.
  • Active Secrets: Maintain up to two active client secrets per app client to allow a gradual transition to the new secret without application downtime.

What to do

  • Use the new capabilities through the AWS Management Console, AWS CLI, AWS SDKs, or AWS CloudFormation.
  • Refer to the Amazon Cognito Developer Guide for more information.

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2026/01/amazon-rds-ipv6-vpc-endpoints-service-apis

Amazon RDS now supports IPv6 for VPC endpoints of RDS Service APIs

Amazon RDS now supports Internet Protocol version 6 (IPv6) for VPC endpoints of RDS Service APIs, in addition to the existing IPv6 support for public endpoints
Read more
https://aws.amazon.com/about-aws/whats-new/2025/10/aws-marketplace-currencies-usage-based-private-offers

AWS Marketplace now supports new currencies for usage-based private offers

AWS Marketplace now supports usage-based private offers in four new currencies: EUR, GBP, AUD, and JPY
Read more
https://aws.amazon.com/about-aws/whats-new/2025/11/aws-glue-cloudformation-cdk-zero-etl-integrations/

AWS Glue supports AWS CloudFormation and AWS CDK for zero-ETL integrations

AWS Glue zero-ETL integrations now support AWS CloudFormation and AWS Cloud Development Kit (AWS CDK), through which you can create Zero-ETL integrations using infrastructure as code
Read more
View all