Rotating Hosted Secrets

Last updated: 2021-08-18 14:21:42

To improve system security, the update of a secret needs to be synced across multiple applications and configurations. For a multi-application scenario, if secrets are stored in local files, an application might be missed, running a risk of application interruptions. SSM enables you to apply a secret update to all dependent applications. You can also create multiple versions for a secret to implement beta updates and rotation.

You can rotate secrets using either of the following ways:

  • Method 1: add a secret version. The server can implement beta rotation by updating the secret version.
  • Method 2: update the content of the current secret. When the server calls an API to obtain the secret, the secret content is updated automatically. For more information, please see Examples of Secret API Calls.