---
title: Generating a client secret for an application
description: For security reasons, you should change the client secret for OIDC-based applications on a regular basis. For more information, see Rotating the client secret for an application.
component: pingone
page_id: pingone:applications:p1_generate_client_secret_application
canonical_url: https://docs.pingidentity.com/pingone/applications/p1_generate_client_secret_application.html
revdate: January 10, 2025
section_ids:
  about-this-task: About this task
  steps: Steps
  choose-from: Choose from:
  result: Result
---

# Generating a client secret for an application

For security reasons, you should change the client secret for OIDC-based applications on a regular basis. For more information, see [Rotating the client secret for an application](p1_rotate_client_secret.html).

## About this task

|   |                                                       |
| - | ----------------------------------------------------- |
|   | Client secrets apply only to OIDC-based applications. |

## Steps

1. Go to **Applications > Applications** and browse or search for the application.

2. Click the application entry to open the details panel.

3. Click the **Configuration** tab, and locate the **Client Secret** section.

4. Click **Generate New Secret**.

5. From **Retain Previous Secret**, select how long to retain the previous client secret:

   ### Choose from:

   * **Retain for 1 Day**: The previous secret expires 24 hours after the creation of the new secret.

   * **Retain for 7 Days**: The previous secret expires 7 days after the creation of the new secret.

   * **Retain for 30 Days**: The previous secret expires 30 days after the creation of the new secret. 30 days is the maximum retention period.

   * **Retain for custom duration**: Configure the secret to expire after a custom time frame. For example, 14 days.

     |   |                                                              |
     | - | ------------------------------------------------------------ |
     |   | You cannot set the retention period for longer than 30 days. |

   * **Do Not Retain Previous Secret**: The previous secret expires immediately. Application users might experience sign-on errors until the application is updated to use the new secret.

     |   |                                                                                                                                                                                                                                                                                                                                                                                            |
     | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
     |   | This setting cannot be changed. If you are not sure how long you should retain the previous client secret, select **Retain for 30 Days**. If you do not need to keep the previous secret for that long, you can revoke it manually before the retention period expires. For more information, see [Revoking a client secret for an application](p1_revoke_client_secret_application.html). |

6. Select **I understand and would like to continue**. Click **Confirm**.

## Result

PingOne generates a new client secret for the application.