diff --git a/doc/Core.xml b/doc/Core.xml
index 058425837..920967948 100644
--- a/doc/Core.xml
+++ b/doc/Core.xml
@@ -6242,6 +6242,42 @@ onvif://www.onvif.org/name/ARV-453
           </variablelist>
         </para>
       </section>
+      <section>
+        <title>Configuration Renewal</title>
+        <para>
+          The configuration allows for a renewal endpoint to be set. If the device supports this feature, it shall automatically renew the credentials 
+          when they are about to expire.
+        </para>
+        <para>
+          The device shall do a GET request to the configured <literal>RenewalEndpoint</literal> with a JWT token retrieved from the configured 
+          <literal>AuthorizationServer</literal>. The endpoint shall respond with a JSON payload with the following structure:
+          <programlisting><![CDATA[{
+    "region": "string" | null,
+    "storageUri": "string" | null,
+    "user": {
+        "username": "string" | null,
+        "password": "string" | null,
+        "token": "string" | null
+    },
+    "expiresAt": "<ISO 8601 date-time>"
+}]]></programlisting>
+          Any null value in the response shall clear the corresponding optional parameter in the <literal>StorageConfiguration</literal>.
+        </para>
+        <para>
+          When the device receives a configuration with the <literal>ConfigurationRenewal</literal> set, it shall immediately contact
+          the renewal endpoint to get up-to-date credentials. The device may use the credentials provided by the configuration in the
+          meantime to avoid service disruption.
+        </para>
+        <para>
+          Once the device has called the renewal endpoint, the corresponding <literal>StorageConfiguration</literal> shall be updated with the
+          new values provided by the endpoint.
+        </para>
+        <para>
+          The device shall ensure to renew the configuration before the expiration provided by the <literal>expiresAt</literal> field.
+          If the renewal endpoint fails to provide a valid response, the device shall continue to use the existing configuration and retry
+          later using an exponential backoff strategy.
+        </para>
+      </section>
       <section>
         <title>GetStorageConfigurations</title>
         <para>This operation lists all existing storage configurations. A device indicating storage configuration capability shall support the listing of existing storage configurations through the GetStorageConfigurations command.</para>
diff --git a/wsdl/ver10/device/wsdl/devicemgmt.wsdl b/wsdl/ver10/device/wsdl/devicemgmt.wsdl
index cfd29a591..1b712bdd2 100644
--- a/wsdl/ver10/device/wsdl/devicemgmt.wsdl
+++ b/wsdl/ver10/device/wsdl/devicemgmt.wsdl
@@ -336,6 +336,11 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 						<xs:documentation>Indicates maximum number of storage configurations supported.</xs:documentation>
 					</xs:annotation>
 				</xs:attribute>
+				<xs:attribute name="StorageConfigurationRenewal" type="xs:boolean">
+					<xs:annotation>
+						<xs:documentation>Indicates support for renewal of storage configuration.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
 				<xs:attribute name="GeoLocationEntries" type="xs:int">
 					<xs:annotation>
 						<xs:documentation>If present signals support for geo location. The value signals the supported number of entries.</xs:documentation>
@@ -2228,6 +2233,34 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 							<xs:documentation>User credential for the storage server</xs:documentation>
 						</xs:annotation>
 					</xs:element>
+					<xs:element name="ConfigurationRenewal" minOccurs="0">
+						<xs:complexType>
+							<xs:sequence>
+								<xs:element name="RenewalEndpoint" type="xs:anyURI">
+									<xs:annotation>
+										<xs:documentation>Remote URL to be queried by the device to renew the storage configuration.</xs:documentation>
+									</xs:annotation>
+								</xs:element>
+								<xs:element name="AuthorizationServer" type="tt:ReferenceToken">
+									<xs:annotation>
+										<xs:documentation>AuthorizationServer token referring to the server that provides JWT tokens to authorize with the the renewal endpoint.</xs:documentation>
+									</xs:annotation>
+								</xs:element>
+								<xs:element name="CertPathValidationPolicyID" type="xs:string" minOccurs="0">
+									<xs:annotation>
+										<xs:documentation>CertPathValidationPolicyID used to validate the renewal endpoint server certificate.
+											If not configured, server certificate validation behavior is undefined and the device may either apply
+											a vendor specific default validation policy or skip validation at all.</xs:documentation>
+									</xs:annotation>
+								</xs:element>
+								<xs:element name="Error" type="xs:string" minOccurs="0">
+									<xs:annotation>
+										<xs:documentation>Optional user readable error information (readonly).</xs:documentation>
+									</xs:annotation>
+								</xs:element>
+							</xs:sequence>
+						</xs:complexType>
+					</xs:element>
 					<xs:element name="Extension" minOccurs="0">	<!-- deprecated -->
 						<xs:complexType>
 							<xs:sequence>
diff --git a/yaml/ver10/cloudintegration/yaml/storagerenewal.yaml b/yaml/ver10/cloudintegration/yaml/storagerenewal.yaml
new file mode 100644
index 000000000..8ba0afda1
--- /dev/null
+++ b/yaml/ver10/cloudintegration/yaml/storagerenewal.yaml
@@ -0,0 +1,56 @@
+openapi: 3.0.3
+info:
+  title: Storage Configuration Renewal
+  contact:
+    name: ONVIF Technical Specification
+    url: https://github.com/onvif/specs
+    email: help@onvif.org
+  license:
+    name: ONVIF Contributor License Agreement
+    url: https://github.com/onvif/specs/blob/development/LICENSE.md
+  version: "25.06"
+paths:
+  /Configuration-Renewal:
+    get:
+      responses:
+        '200':
+          description: successful operation
+          content:       
+            application/json:
+              schema:
+                $ref: '#/components/schemas/storageConfigurationRenewal'
+components:
+  schemas:
+    storageConfigurationRenewal:
+      type: object
+      required:
+      - type
+      properties:
+        region:
+          type: string
+          example: "us-east-1"
+          description: "Optional region of the storage server"
+        storageUri:
+          type: string
+          example: "https://<bucket>.s3.us-east-1.amazonaws.com/"
+          description: "Storage server address"
+        user:
+          type: object
+          description: "User credentials for the storage server"
+          properties:
+            username:
+              type: string
+              example: "<AccessKeyId>"
+              description: "Optional user name used to access the storage server"
+            password:
+              type: string
+              example: "<SecretAccessKey>"
+              description: "Optional password used to access the storage server"
+            token:
+              type: string
+              example: null
+              description: "Optional token used to access the storage server"
+        expiresAt:
+          type: string
+          example: "2024-08-14T15:31:24Z"
+          description: "Expiration date of the storage configuration as an ISO 8601 date-time"
\ No newline at end of file