← Lessons

quiz vs the machine

Platinum1800

System Design

Secrets Rotation Pipeline

Replacing keys and passwords on a schedule without breaking running services.

5 min read · advanced · beat Platinum to climb

Why rotate secrets

A secret is a credential like a database password or signing key. The longer it lives, the more chances it has to leak. A rotation pipeline replaces secrets on a schedule so a stolen secret has a short useful life.

The hard part is rotating without an outage, because services are actively using the old secret.

The two phase rotation

Rotation safely uses an overlap window where both secrets are valid.

  • Create a new secret while the old one still works.
  • Distribute the new secret to all consumers and let them pick it up.
  • Promote the new secret to primary once everyone has it.
  • Retire the old secret only after confirming nothing still uses it.

Skipping the overlap is how rotations cause outages: retire too early and live services break.

Supporting machinery

  • A central secret store holds versions and serves the current value.
  • Consumers refresh periodically rather than caching forever.
  • An audit trail records who rotated what and when.

Key idea

A secrets rotation pipeline keeps old and new secrets valid during an overlap window so services migrate before the old secret is retired without an outage.

Check yourself

Answer to earn rating on the learn ladder.

1. Why does shorter secret lifetime improve security?

2. What is the purpose of the overlap window in rotation?

3. Retiring the old secret too early typically causes