# Rotate profile authentication token

### Importance of periodic token rotation and impact

As explained in the documentation for [deploying agents](https://waf-doc.inext.checkpoint.com/getting-started/deploy-enforcement-point), security best practices dictate that authentication tokens should be rotated periodically.

The existing token will be invalidated but existing agents that were already registered are not affected.

{% hint style="warning" %}
Once rotated, in order to allow deployments of additional agents, **you must** replace all deployment scripts/configuration files/key vault entries that contain the now-invalid token.
{% endhint %}

### How to invalidate existing token and create a new one

When browsing to **Policy->Profiles** and editing any profile, its authentication token, used for authentication new deployments, can be found under Authentication section:

<figure><img src="https://2760087783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEWA4nfgNrSRL8dA6Kap7%2Fuploads%2FodEuUgaIWcxkuTtYrJ2n%2Fappsec-profiles-authentication-token.PNG?alt=media&#x26;token=aaa5d4ad-7a5b-4986-9378-7ec39b22aadd" alt=""><figcaption><p><br>Clicking on the  icon will invalidate the current token and create a new one that can be copied. </p></figcaption></figure>

Clicking on the ![](https://2760087783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEWA4nfgNrSRL8dA6Kap7%2Fuploads%2FZSgdc1pUg3GPoZxvlBFM%2Frotate-icon.PNG?alt=media\&token=77bd7cd8-658a-41f4-bb68-b5cffe4f404a) icon will invalidate the current token and create a new one that can be copied.