Rotate a secret

Replace a secret with a new one

Secret rotation enables you to create a new version of a secret, replacing the current version. By default, rotating a secret will result in the "current" version being transitioned to the "deactivated" state.

Language

Python

JavaScript

Go

C#

Java

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault


def rotate_secret(secret_id, new_secret):
    token = os.getenv("PANGEA_VAULT_TOKEN")
    domain = os.getenv("PANGEA_DOMAIN")
    config = PangeaConfig(domain=domain)
    vault = Vault(token, config=config)

    try:
        # rotate it
        vault.secret_rotate(secret_id, new_secret)

        # retrieve latest version
        retrieve_response = vault.get(secret_id)

    except pe.PangeaAPIException as e:
        print(f"Vault Request Error: {e.response.summary}")
        for err in e.errors:
            print(f"\t{err.detail} \n")

    return retrieve_response.result.current_version.secret

Was this article helpful?

Contact us