Rotated Secrets

Rotated secrets enable you to protect the credentials for privileged-user accounts such as an Administrator account on a Windows server, a root account on a Linux server, or an Admin account on a network device, by resetting its password.

The Akeyless Platform generates a new password, resets it on the target machine, and stores the updated secret value so that it can be retrieved when required.

You can define a rotated secret to automatically update the password at defined intervals, or manually trigger a password update from the CLI or from the Akeyless Console. You also have the ability to set a custom password length for each individual rotated secret.

You can configure:

The typical flow for working with rotated secrets is:

  1. Create a Target for a Rotated Secret: Get started by defining the target. The rotated secret itself is a user account on the target, for which the password needs to be rotated every X days.

  2. Create an SSH Rotated Secret or Create an AWS Rotated Secret: When you create a rotated secret, you need to name it and define the secret settings, such as how often the secret should be rotated, and the secret target. All secret values are encrypted using patented Akeyless Distributed Fragment Cryptography (DFC) technology.

  3. Add a Rotated Secret to a Role: Enable clients to access the rotated secret by adding it to a role, with the appropriate permissions.

  4. Retrieve a Rotated Secret Value: Get the value of a rotated secret when you need it.

If required, you can manually rotate a secret. See Manually Rotate a Secret.

When a rotated secret becomes obsolete, you can delete it.


Check out our tutorial video on Creating and Using Rotated Secrets.