github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-09 07:28:09 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
f55f03cfb1aff29d2efd6ceff8bbd1429d1cc497
infisical/docs/documentation/platform/pam/product-reference/credential-rotation.mdx
x032205 c8add06785 address reviews
2025-11-21 17:13:19 -05:00

48 lines
2.2 KiB
Plaintext
Raw Blame History

---
title: "Credential Rotation"
sidebarTitle: "Credential Rotation"
description: "Learn how to automate credential rotation for your PAM resources."
---
Automated Credential Rotation enhances your security posture by automatically changing the passwords of your accounts at set intervals. This minimizes the risk of compromised credentials by ensuring that even if a password is leaked, it remains valid only for a short period.
## How it Works
When rotation is enabled, Infisical's Gateway connects to the target resource using a privileged "Rotation Account". It then executes the necessary commands to change the password for the target user account to a new, cryptographically secure random value.
## Configuration
Setting up automated rotation requires a two-step configuration: first at the Resource level, and then at the individual Account level.
<Steps>
<Step title="Configure Rotation Account on Resource">
A **Rotation Account** is a master or privileged account that has the necessary permissions to change the passwords of other users on the target system.
When creating or editing a [Resource](/documentation/platform/pam/getting-started/resources), you must provide the credentials for this privileged account.
*Example: For a PostgreSQL database, this would typically be the `postgres` superuser or another role with `ALTER ROLE` privileges.*
![Credential Rotation Account](/images/pam/getting-started/resources/credential-rotation-account.png)
</Step>
<Step title="Enable Rotation on Account">
Once the resource has a rotation account configured, you can enable rotation for individual [Accounts](/documentation/platform/pam/getting-started/accounts) that belong to that resource.
In the account settings:
1. Toggle **Enable Rotation**.
2. Set the **Rotation Interval** (e.g., every 7 days, 30 days).
![Rotate Credentials Account](/images/pam/getting-started/resources/rotate-credentials-account.png)
</Step>
</Steps>
## Supported Resources
Automated rotation is currently supported for the following resource types:
- **PostgreSQL**: Requires a user with `ALTER ROLE` permissions.
<Note>
We are constantly adding support for more resource types.
</Note>
Reference in New Issue View Git Blame Copy Permalink