diff --git a/pkg/resourceinterpreter/default/native/retain.go b/pkg/resourceinterpreter/default/native/retain.go
index f167a5ada..a8bf48a5c 100644
--- a/pkg/resourceinterpreter/default/native/retain.go
+++ b/pkg/resourceinterpreter/default/native/retain.go
@@ -18,7 +18,6 @@ package native
 import (
 "fmt"
- "strings"
 appsv1 "k8s.io/api/apps/v1"
 batchv1 "k8s.io/api/batch/v1"
@@ -165,18 +164,6 @@ func retainWorkloadReplicas(desired, observed *unstructured.Unstructured) (*unst
 func retainSecretServiceAccountToken(desired *unstructured.Unstructured, observed *unstructured.Unstructured) (retained *unstructured.Unstructured, err error) {
 if secretType, exists, _ := unstructured.NestedString(desired.Object, "type"); exists && secretType == string(corev1.SecretTypeServiceAccountToken) {
- // retain service-account.uid which is a unique per cluster
- serviceAccountUIDPath := []string{"metadata", "annotations", corev1.ServiceAccountUIDKey}
- uid, exist, err := unstructured.NestedString(observed.Object, serviceAccountUIDPath...)
- if err != nil {
- return nil, fmt.Errorf("failed to get %s from desired.Object: %+v", corev1.ServiceAccountUIDKey, err)
- }
- if exist {
- if err := unstructured.SetNestedField(desired.Object, uid, serviceAccountUIDPath...); err != nil {
- return nil, fmt.Errorf("failed to set %s for %s %s/%s", strings.Join(serviceAccountUIDPath, "."), desired.GetKind(), desired.GetNamespace(), desired.GetName())
- }
- }
-
 // retain token generated by cluster kube-controller-manager
 data, exist, err := unstructured.NestedStringMap(observed.Object, "data")
 if err != nil {
diff --git a/pkg/resourceinterpreter/default/native/retain_test.go b/pkg/resourceinterpreter/default/native/retain_test.go
index 794131142..fa6db7063 100644
--- a/pkg/resourceinterpreter/default/native/retain_test.go
+++ b/pkg/resourceinterpreter/default/native/retain_test.go
@@ -111,13 +111,11 @@ func Test_retainK8sWorkloadReplicas(t *testing.T) {
 }
 func Test_retainSecretServiceAccountToken(t *testing.T) {
- createSecret := func(secretType corev1.SecretType, uuid, key, value string) *unstructured.Unstructured {
+ createSecret := func(secretType corev1.SecretType, dataKey, dataValue string) *unstructured.Unstructured {
 ret, _ := helper.ToUnstructured(&corev1.Secret{
- ObjectMeta: metav1.ObjectMeta{
- Annotations: map[string]string{corev1.ServiceAccountUIDKey: uuid},
- },
- Data: map[string][]byte{key: []byte(value)},
- Type: secretType,
+ ObjectMeta: metav1.ObjectMeta{},
+ Data: map[string][]byte{dataKey: []byte(dataValue)},
+ Type: secretType,
 })
 return ret
 }
@@ -134,10 +132,10 @@ func Test_retainSecretServiceAccountToken(t *testing.T) {
 {
 name: "secret data and uid are retained for type service-account-token",
 args: args{
- desired: createSecret(corev1.SecretTypeServiceAccountToken, "111", corev1.ServiceAccountTokenKey, "desired-token"),
- observed: createSecret(corev1.SecretTypeServiceAccountToken, "999", corev1.ServiceAccountTokenKey, "observed-token"),
+ desired: createSecret(corev1.SecretTypeServiceAccountToken, corev1.ServiceAccountTokenKey, "desired-token"),
+ observed: createSecret(corev1.SecretTypeServiceAccountToken, corev1.ServiceAccountTokenKey, "observed-token"),
 },
- want: createSecret(corev1.SecretTypeServiceAccountToken, "999", corev1.ServiceAccountTokenKey, "observed-token"),
+ want: createSecret(corev1.SecretTypeServiceAccountToken, corev1.ServiceAccountTokenKey, "observed-token"),
 },
 {
 name: "ignores missing uid and data for type service-account-token",
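Review bot: With the annotation argument dropped from `createSecret`, no fixture in this test can carry `corev1.ServiceAccountUIDKey` any more, so what now happens to that annotation when `desired` and `observed` disagree is not pinned by any case. Consider keeping an optional annotations argument and adding one service-account-token case where the two objects carry different UIDs and `want` states which value is expected to survive; if something in the member cluster validates that annotation against its own ServiceAccount (not visible in this diff), that is the case that would expose a mismatch. `ObjectMeta: metav1.ObjectMeta{},` is the zero value and can simply be omitted. The test function continues outside the hunk.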
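Review bot: The case names are stale: the context line `name: "secret data and uid are retained for type service-account-token"` above the changed fixtures, and `"ignores missing uid and data for type service-account-token"` in the trailing context, still mention the UID although the fixtures no longer set one and the retain function no longer reads it. Rename them to match what is asserted, e.g. `name: "secret data is retained for type service-account-token"` and `name: "ignores missing data for type service-account-token"`. The body of the second case lies outside the hunk.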
@@ -150,26 +148,26 @@ func Test_retainSecretServiceAccountToken(t *testing.T) {
 {
 name: "does not retain for type tls",
 args: args{
- desired: createSecret(corev1.SecretTypeTLS, "111", corev1.TLSCertKey, "desired-cert"),
- observed: createSecret(corev1.SecretTypeTLS, "999", corev1.TLSCertKey, "observed-cert"),
+ desired: createSecret(corev1.SecretTypeTLS, corev1.TLSCertKey, "desired-cert"),
+ observed: createSecret(corev1.SecretTypeTLS, corev1.TLSCertKey, "observed-cert"),
 },
- want: createSecret(corev1.SecretTypeTLS, "111", corev1.TLSCertKey, "desired-cert"),
+ want: createSecret(corev1.SecretTypeTLS, corev1.TLSCertKey, "desired-cert"),
 },
 {
 name: "does not retain for type basic-auth",
 args: args{
- desired: createSecret(corev1.SecretTypeBasicAuth, "111", corev1.BasicAuthUsernameKey, "desired-user"),
- observed: createSecret(corev1.SecretTypeBasicAuth, "999", corev1.BasicAuthUsernameKey, "observed-user"),
+ desired: createSecret(corev1.SecretTypeBasicAuth, corev1.BasicAuthUsernameKey, "desired-user"),
+ observed: createSecret(corev1.SecretTypeBasicAuth, corev1.BasicAuthUsernameKey, "observed-user"),
 },
- want: createSecret(corev1.SecretTypeBasicAuth, "111", corev1.BasicAuthUsernameKey, "desired-user"),
+ want: createSecret(corev1.SecretTypeBasicAuth, corev1.BasicAuthUsernameKey, "desired-user"),
 },
 {
 name: "does not retain for type dockercfg",
 args: args{
- desired: createSecret(corev1.SecretTypeDockercfg, "111", corev1.DockerConfigKey, "desired-docker-cfg"),
- observed: createSecret(corev1.SecretTypeDockercfg, "999", corev1.DockerConfigKey, "observed-docker-cfg"),
+ desired: createSecret(corev1.SecretTypeDockercfg, corev1.DockerConfigKey, "desired-docker-cfg"),
+ observed: createSecret(corev1.SecretTypeDockercfg, corev1.DockerConfigKey, "observed-docker-cfg"),
 },
- want: createSecret(corev1.SecretTypeDockercfg, "111", corev1.DockerConfigKey, "desired-docker-cfg"),
+ want: createSecret(corev1.SecretTypeDockercfg, corev1.DockerConfigKey, "desired-docker-cfg"),
 },
 }
for _, tt := range tests {