Manage secret rotation for API keys, passwords, and tokens with configurable policies, provider hooks, and automatic rollback on failure. Never let credentials go stale.
Browse the actual product documentation and code examples included in this toolkit.
Key features of Secret Rotator
• Automated rotation — rotate secrets based on configurable max-age policies (default: 90 days) • Provider hooks — built-in support for Stripe, generic API keys, and password generation • Rollback on failure — automatic backup and restore if rotation fails • Age checking — scan all secrets and flag stale credentials with `--check-age` • Secure backups — HMAC-verified backup before every rotation • Cryptographic generation — secrets generated via Python's `secrets` module (CSPRNG)
Automated rotation — rotate secrets based on configurable max-age policies (default: 90 days)
Provider hooks — built-in support for Stripe, generic API keys, and password generation
Rollback on failure — automatic backup and restore if rotation fails
Age checking — scan all secrets and flag stale credentials with `--check-age`
Secure backups — HMAC-verified backup before every rotation
Cryptographic generation — secrets generated via Python's `secrets` module (CSPRNG)
Configure Secret Rotator parameters to see how the product works.
# Rotate all secrets that exceed their max age python src/secret_rotator.py --config secrets.json --rotate # Check which secrets are stale python src/secret_rotator.py --config secrets.json --check-age # Roll back a specific secret to its previous value python src/secret_rotator.py --config secret