Creating and Using Rotated Secrets


Deeper Dive

For more in-depth information, check out our detailed documentation on the following topics:

Rotated Secrets, Database Rotated Secret, SSH Rotated Secret

Need any help?

If something in this tutorial isn't working as expected, feel free to contact our support team via Slack.

Below is a text-only guide for users, based on the above video.

What is a Rotated Secret?

Rotated Secrets help protect privileged user credentials, such as an administrator account on a Windows server, a root account on a Linux server, or an admin account on a network device. They work by resetting the account password either manually or automatically at defined intervals.

Akeyless automates this by generating a new password, resetting it on the target machine, and storing the updated secret value so that it can be retrieved when needed. Independently, the Gateway uses the Rotated Secret and the Target to update the user’s password on the target resource.

Let’s create our MySQL Rotated Secret using our MySQL Target which we previously configured.

Creating a Rotated Secret for MySQL via the UI

Click on 'New' --> 'Rotated Secret' and you will get a popup with a list of options to choose from. Click "MySQL" and then "Next".

Choose your Rotated Secret's Name and click "Next".

On the following screen, choose your Target, Rotator Type (Target in this case), Gateway, and set Auto Rotate to "Manual Only" (for this demo). Click "Finish".

Your Rotated Secret will then be created in your account.

You can see that this current password works for accessing the database.

Rotating the Secret via the UI

Let's rotate the password and show how it works. Simply click on the 'Rotate Secret' button, then 'Rotate now' and you will get a small notification at the bottom of the screen that your secret was successfully rotated.

This new password, along with your username, can be used to log in to your MySQL database, and we can see that the old password doesn't work anymore.

Creating an AWS Rotated Secret via the CLI

Next, let’s create a Rotated Secret for our AWS access key using the Akeyless CLI. Go to your terminal and use the akeyless rotated secret create aws command. Note that we specified the target name, rotator type - meaning we are rotating the access key of the target we are using - and the gateway URL.

Hit enter and the secret will be created. Go back to your Akeyless console and refresh the page to see the new secret. Next, click the eye icon to view the login details.

Rotate the Secret via the CLI

From the terminal, you can run the following command to rotate your secret:

akeyless rotate-secret --name <secret-name> --gateway-url 'Your-Akeyless-GW-URL'

Fetch the dynamic secret details with the following:

akeyless dynamic-secret get-value --name <secret-name> --target <target-name> --gateway-url 'Your-Akeyless-GW-URL'

To test the login details, go to your terminal and run aws configure with your AWS Access Key ID and AWS Secret Access Key. Then run aws sts get-caller-identity and if your user information shows in the output, you are successfully connected.
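The same login test can be scripted so that it also confirms the previous access key was revoked, as the MySQL demo above did for the old password. This is an added example, not Akeyless code: the function names `key_is_valid` and `verify_rotation` are hypothetical, and it assumes the AWS CLI is installed and that you captured the key pair before and after running the rotate command.

```bash
#!/usr/bin/env bash
# Added example: post-rotation check for an AWS access key.
# Function names are hypothetical; only `aws sts get-caller-identity` is a real command.

# key_is_valid ID SECRET -> exit status 0 if AWS STS accepts the key pair.
# The pair is handed to the AWS CLI through its environment, not on the command line.
key_is_valid() {
  (
    # A stale session token in the caller's environment must not be paired
    # with the key under test.
    unset AWS_SESSION_TOKEN
    export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2"
    aws sts get-caller-identity --output json >/dev/null 2>&1
  )
}

# verify_rotation OLD_ID OLD_SECRET NEW_ID NEW_SECRET [ATTEMPTS] [DELAY_SECONDS]
# Returns 0: new key accepted and old key rejected
#         1: new key never became usable
#         2: old key is still accepted
#         3: old and new key IDs are identical (nothing was rotated)
verify_rotation() {
  old_id=$1 old_secret=$2 new_id=$3 new_secret=$4
  attempts=${5:-5} delay=${6:-3}

  [ "$old_id" != "$new_id" ] || { echo "key ID unchanged" >&2; return 3; }

  # Check the new key first: IAM changes are eventually consistent, so retry.
  # A success here also shows STS is reachable, so a later failure of the
  # old key is a rejection rather than a network outage.
  i=1
  until key_is_valid "$new_id" "$new_secret"; do
    [ "$i" -lt "$attempts" ] || { echo "new key not accepted" >&2; return 1; }
    i=$((i + 1)); sleep "$delay"
  done

  # The old key must stop working; allow the same propagation window.
  i=1
  while key_is_valid "$old_id" "$old_secret"; do
    [ "$i" -lt "$attempts" ] || { echo "old key still accepted" >&2; return 2; }
    i=$((i + 1)); sleep "$delay"
  done

  echo "rotation verified: new key accepted, old key rejected"
}

# Usage, with values you captured before and after the rotation:
#   verify_rotation "$OLD_ID" "$OLD_SECRET" "$NEW_ID" "$NEW_SECRET"
```

A return code of 2 means the previous key is still live and should be investigated before the rotation is treated as complete.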


