Skip to content

Refresh Maia runner credentials🔗

Runner type:
Maia Hybrid
Runner platform:
AWS ✅ Azure ✅ Snowflake ✅ Matillion ✅

Refreshing a Maia runner's credentials lets you generate a new client_secret for the Maia runner in Maia, to authenticate with the Maia runner application in your infrastructure. You may wish to do this if, for example, your security policy requires that you change secrets on a regular basis.

Warning

This action will revoke existing credentials and result in disconnecting a running Maia runner. You must replace your Maia runner credentials and restart the Maia runner to reconnect. Ensure you have no pipelines running on the Maia runner when you use this feature.

How to refresh Maia runner credentials🔗

  1. In the left navigation, click the Runners & Instances icon . Then, select Runners from the menu.
  2. Locate your Maia runner, and click the three dots ..., then click Runner details.
  3. Click the Credentials tab.
  4. Click Refresh.
  5. When asked for confirmation, type the word refresh and click Refresh credentials.
  6. When you receive a notification that the credentials are refreshed, you can click Reveal to show the new secret that has been generated.

Apply the new credentials to the Maia runner in AWS or Azure. If the Maia runners have been installed using the provided templates for ECS and Container Apps, then the following guides for AWS or Azure may be used. Until this is done, the Maia runner status will show as Unknown on the Runners page, and the Maia runner can't be used to run pipelines.

Apply the new credentials (AWS)🔗

Once you have refreshed credentials on the Runner details page, follow this process to update your AWS-hosted Maia runner to use the new credentials.

The client_secret used by the Maia runner is held in your AWS Secrets Manager. The Maia runner app contains a pointer to this secret, which will not change. To update the secret:

  1. Log in to the AWS Console and locate the ECS service running your Maia runner. Note the name assigned to the Maia runner.
  2. In Secrets Manager, locate and select the secret that corresponds to the Maia runner name you noted.
  3. Click Retrieve secret value to display the existing value, then click Edit.
  4. Copy in the refreshed client_secret value you obtained from Maia. Don't change the secret name.
  5. Click Save.

Now restart the Maia runner, as described in Restart a Maia runner.

Apply the new credentials (Azure)🔗

Once you have refreshed credentials on the Runner details page, follow this process to update your Azure-hosted Maia runner to use the new credentials.

  1. In the Azure portal, select the Container App that holds your Maia runner.
  2. In the Container App's sidebar menu, select Application then containers.
  3. Click the Environment variables tab.
  4. The OAUTH_CLIENT_SECRET variable tells you the name of the secret that holds the client_secret.
  5. In the Container App's sidebar menu, click Settings → Secrets and locate the secret name you determined above.
  6. Click the edit (pencil) icon next to the secret to edit its value.
  7. Copy the refreshed client_secret you obtained from Maia and paste it into the Value field.
  8. Click the checkbox at the bottom to acknowledge that you want to proceed with the change.
  9. Click Save.

Now restart the Maia runner, as described in Restart a Maia runner.

Apply the new credentials (Snowflake)🔗

Once you have refreshed credentials on the Runner details screen, you need to update the secret entry in the Snowflake vault. The client_secret used by the Maia runner is held in your Snowflake vault. Read Secrets in Maia runner for Snowflake for details.

© Copyright 2026 Matillion Ltd | Legal | Privacy Policy | Disclaimer | Modern Slavery Statement