---
title: Identity domain API keys should be rotated every 90 days or less
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Identity domain API keys should be
  rotated every 90 days or less
---

# Identity domain API keys should be rotated every 90 days or less
 
## Description{% #description %}

Oracle Cloud identity domain API keys should be rotated at least every 90 days to reduce the risk of unauthorized access from compromised credentials. Regular rotation of API keys is a security best practice that limits the window of opportunity for attackers to exploit compromised credentials.

**Note**: Identity domain users that are in an inactive state are not assessed.

## Remediation{% #remediation %}

Rotate API keys that are older than 90 days by creating new API keys and deleting the old ones. For guidance on managing API keys, refer to the [Working with API Keys](https://docs.oracle.com/iaas/Content/Identity/access/working-with-console-passwords-and-API-keys.htm) section in the Oracle Cloud Infrastructure Documentation.