How Often Should You Rotate Your Secrets And Credentials?

If you've been working with software, with web & cloud services in particular. You may have heard that it is a best practice to regenerate your secrets (such as your API and encryption keys) regularly.

But how often should you rotate all these credentials? It is recommended to rotate all your secrets and credentials every 90 days. But there are some exceptions.

A Few Caveats:

It is also recommended to immediately rotate all your secrets as soon as you detect suspicious activity in your company's network.

This can be for example when:

• A web security vulnerability that allowed access to read such secrets has been identified
• A targeted phishing attack against you or one of your developers/colleagues took place

Automating Credential-Rotating

Fortunately, there are several online solutions to automate the rotation of all your credentials.

Although Nova Security doesn't provide one, it does provide a scanner to help you identify security vulnerabilities in your network that could impact your organization financially.