
Secret Rotator

$19

Manage secret rotation for API keys, passwords, and tokens with configurable policies.

📁 10 files
JSON, Markdown, Python

📄 Product Preview


📁 File Structure 10 files

secret-rotator/
├── LICENSE
├── README.md
├── examples/
│   └── rotation_config.json
├── free-sample.zip
├── guide/
│   ├── 01_features.md
│   ├── 02_quick-start.md
│   ├── 03_configuration-reference.md
│   └── 04_license.md
├── index.html
└── src/
    └── secret_rotator.py

📖 Documentation Preview README excerpt

Secret Rotator

Manage secret rotation for API keys, passwords, and tokens with configurable policies, provider hooks, and automatic rollback on failure. Never let credentials go stale.

Features

  • Automated rotation — rotate secrets based on configurable max-age policies (default: 90 days)
  • Provider hooks — built-in support for Stripe, generic API keys, and password generation
  • Rollback on failure — automatic backup and restore if rotation fails
  • Age checking — scan all secrets and flag stale credentials with --check-age
  • Secure backups — HMAC-verified backup before every rotation
  • Cryptographic generation — secrets generated via Python's secrets module (CSPRNG)
  • JSON config-driven — define all secrets and policies in a single config file
  • Audit trail — rotation events logged for compliance and debugging

Requirements

  • Python 3.10+
  • No external dependencies (stdlib only)

Quick Start


# Rotate all secrets that exceed their max age
python src/secret_rotator.py --config secrets.json --rotate

# Check which secrets are stale
python src/secret_rotator.py --config secrets.json --check-age

# Roll back a specific secret to its previous value
python src/secret_rotator.py --config secrets.json --rollback api-key-prod

Output

Console output shows rotation status per secret (rotated, skipped, failed, rolled back). The config file is updated in place with new values and timestamps.

Configuration Reference

Define your secrets in JSON (see examples/rotation_config.json):


{
    "secrets": [
        {
            "name": "STRIPE_API_KEY",
            "provider": "stripe",
            "max_age_days": 90,
            "current_value": "sk-EXAMPLE...",
            "last_rotated": "2026-01-15T00:00:00Z"
        },
        {
            "name": "DB_PASSWORD",
            "provider": "password",
            "max_age_days": 60,
            "length": 32,
            "charset": "alphanumeric_special"
        }
    ]
}

*... continues with setup instructions, usage examples, and more.*
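The features list names max-age checks, HMAC-verified backups and rollback on failure; the following added example (not code from secret_rotator.py) shows how those three steps can fit together for entries shaped like the sample config. The backup format, the `push` provider hook, the HMAC key handling and all function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta

DEFAULT_MAX_AGE_DAYS = 90  # default stated in the README


def is_stale(entry: dict, now: datetime) -> bool:
    """True when the entry exceeds max_age_days or was never rotated."""
    stamp = entry.get("last_rotated")
    if not stamp:  # no timestamp, like DB_PASSWORD in the sample config
        return True
    rotated = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return now - rotated > timedelta(days=entry.get("max_age_days", DEFAULT_MAX_AGE_DAYS))


def _tag(payload: bytes, key: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_backup(entry: dict, key: bytes) -> dict:
    """Serialize the entry canonically and attach an HMAC-SHA256 tag (assumed format)."""
    payload = json.dumps(entry, sort_keys=True)
    return {"payload": payload, "hmac": _tag(payload.encode(), key)}


def restore_backup(backup: dict, key: bytes) -> dict:
    """Return the backed-up entry, refusing one whose tag does not verify."""
    expected = _tag(backup["payload"].encode(), key)
    if not hmac.compare_digest(expected, backup["hmac"]):  # constant-time compare
        raise ValueError("backup failed HMAC verification")
    return json.loads(backup["payload"])


def rotate(entry: dict, key: bytes, push, now: datetime) -> tuple[dict, str]:
    """Back up, generate a new value, call the provider hook; roll back on failure."""
    if not is_stale(entry, now):
        return entry, "skipped"
    backup = make_backup(entry, key)
    candidate = dict(entry, current_value=secrets.token_urlsafe(32),
                     last_rotated=now.strftime("%Y-%m-%dT%H:%M:%SZ"))
    try:
        push(candidate)  # hypothetical provider hook; raises if the provider rejects it
    except Exception:
        return restore_backup(backup, key), "rolled back"
    return candidate, "rotated"
```

The HMAC tag detects tampering with a backup but does not hide its contents, so a backup holding `current_value` needs the same file permissions as the config itself, and the HMAC key must be stored separately from both.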

📄 Code Sample .py preview

src/secret_rotator.py

#!/usr/bin/env python3
"""
Secret Rotator — Security Kit (DataNest)

Manages secret rotation for API keys, passwords, and tokens.
Supports provider hooks for automated rotation and rollback on failure.

Usage:
    python secret_rotator.py --config secrets.json --rotate
    python secret_rotator.py --config secrets.json --check-age
    python secret_rotator.py --config secrets.json --rollback api-key-prod

Dependencies: Python 3.10+ stdlib only (no pip packages)
License: MIT
"""
from __future__ import annotations

import argparse
import hashlib
import hmac
import json
import logging
import os
import secrets
import shutil
import sys
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone, timedelta
from pathlib import Path
from typing import Any, Callable

# ---------------------------------------------------------------------------
# Constants
# ---------------------------------------------------------------------------

logger = logging.getLogger("secret_rotator")

# Default rotation policy: rotate secrets older than this many days
DEFAULT_MAX_AGE_DAYS = 90

# Minimum password lengths by tier
MIN_PASSWORD_LENGTH = {"low": 12, "medium": 16, "high": 24, "critical": 32}

# ---------------------------------------------------------------------------
# Data models
# ---------------------------------------------------------------------------

@dataclass
class SecretEntry:
    # ... 424 more lines ...