Rotation

Credential Rotation refers to the controlled process of resetting and updating privileged credentials associated with managed assets. As a core function of the PAM system, Rotation helps enforce strong credential hygiene by automating the periodic change of passwords, SSH keys, or other secret material used to authenticate to remote systems.

Credential rotation tasks are governed by predefined scripts and policies that dictate how, when, and under what conditions credentials should be updated. These tasks are typically assigned at the Asset Type level and inherited by all child assets, ensuring consistent enforcement of security practices across the organization.

Each rotation task is linked to a Password Requirement policy, defining the complexity, format, and rules of the resulting credential. Rotation can be triggered manually, scheduled at regular intervals, or initiated by user events such as credential viewing or asset updates.

All rotation activity is audited and reported, providing full visibility into execution history, outcomes, and compliance posture. This helps reduce the risk of credential misuse, supports zero-trust principles, and aligns with regulatory requirements for managing privileged access.
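The flow described above, as an added example that is not the product's own code: a credential is generated to satisfy a Password Requirement policy, a trigger check covers manual, event-driven and scheduled rotation, and an audit entry records the outcome without the secret. The `PasswordRequirement` fields, the event names `credential_viewed` and `asset_updated`, and all function names are hypothetical.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class PasswordRequirement:            # hypothetical policy shape
    length: int = 24
    min_upper: int = 2
    min_lower: int = 2
    min_digits: int = 2
    min_symbols: int = 2
    symbols: str = "!@#%^*-_=+"       # only characters the target system accepts

def generate(policy: PasswordRequirement) -> str:
    """Draw a credential from the OS CSPRNG that meets every class minimum."""
    classes = [(string.ascii_uppercase, policy.min_upper),
               (string.ascii_lowercase, policy.min_lower),
               (string.digits, policy.min_digits),
               (policy.symbols, policy.min_symbols)]
    required = sum(n for _, n in classes)
    if required > policy.length:
        raise ValueError("class minimums exceed the policy length")
    chars = [secrets.choice(alpha) for alpha, n in classes for _ in range(n)]
    pool = "".join(alpha for alpha, _ in classes)
    chars += [secrets.choice(pool) for _ in range(policy.length - required)]
    secrets.SystemRandom().shuffle(chars)   # required classes must not sit at fixed positions
    return "".join(chars)

def rotation_reason(last_rotated: datetime, now: datetime, interval: timedelta,
                    events=(), manual: bool = False):
    """Return the trigger that fires: 'manual', 'event:<name>', 'scheduled', or None."""
    if manual:
        return "manual"
    for name in events:
        if name in ("credential_viewed", "asset_updated"):   # assumed event names
            return f"event:{name}"
    if now - last_rotated >= interval:
        return "scheduled"
    return None

def audit_record(asset: str, reason: str, ok: bool, now: datetime) -> dict:
    """Audit entry for a rotation attempt; the credential itself is never logged."""
    return {"asset": asset, "reason": reason,
            "outcome": "success" if ok else "failure", "time": now.isoformat()}
```
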