Skip to main content

Rotate a secret

Replace a secret with a new one

Secret rotation enables you to create a new version of a secret, replacing the current version. By default, rotating a secret will result in the "current" version being transitioned to the "deactivated" state.

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from import Vault

def rotate_secret(secret_id, new_secret):
token = os.getenv("PANGEA_VAULT_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
vault = Vault(token, config=config)

# rotate it
vault.secret_rotate(secret_id, new_secret)

# retrieve latest version
retrieve_response = vault.get(secret_id)

except pe.PangeaAPIException as e:
print(f"Vault Request Error: {e.response.summary}")
for err in e.errors:
print(f"\t{err.detail} \n")

return retrieve_response.result.current_version.secret

Was this article helpful?

Contact us