Pattern 98 / SECOPS

Secret Rotation

Use this when Changing credentials without downtime.

Pressure
Changing credentials without downtime
Mechanism
Support overlapping old/new secrets, deploy consumers, then revoke the old value
Toll
Every consumer must be discoverable and rotation must be rehearsed
Architecture plate98
Diagram for Secret Rotation
Executive brief

Secret Rotation fits when Changing credentials without downtime. Mechanism: Support overlapping old/new secrets, deploy consumers, then revoke the old value. Use it for API keys, DB passwords, certificates, signing keys. The toll: Every consumer must be discoverable and rotation must be rehearsed.

Use when

Api keys, db passwords, certificates, signing keys.

Example

Use secret rotation when api keys, db passwords, certificates, signing keys..

Review framing

Describe the pressure first, then the mechanism, then the cost. That keeps the design grounded.

Same pressure family

Security / Operations

96Audit Log
โ† 9799 โ†’