How To Maintain and Rotate Keys and Tokens With Zero Downtime

Read the original article: How To Maintain and Rotate Keys and Tokens With Zero Downtime


Introduction

Secrets are a form of distilled trust. They may be API keys, passwords, certificates, or other forms of key material. Generally, such credentials have a few major properties that make them more useful than a bare grant of trust:

  • They can be asymmetric, which is perhaps the most important and secure basis for key exchange (Bruce Schneier’s seminal Applied Cryptography is the best place for the details)
  • They can be limited in scope (restricting access, capturing the persona or actor behind the action)
  • They can be limited in time
  • They can be partial, meaning you’d need a bunch of other keys to perform actual access (think: the atomic launch button in movies that requires several different physical keys)

Key Rotation as a Practice

Traditionally, key rotation is performed on a few occasions:
