Interview › Security & DevSecOps
How does secret rotation work, and why does it matter? [Advanced]
Answer
Secret rotation replaces an old credential with a new one and ensures all consumers switch safely. It matters because leaked or overused credentials become less valuable if they expire quickly and are rotated regularly.
Technical explanation
Rotation must account for consumers, deployment timing, connection pools, caches, and rollback paths.
Safe rotation often uses overlapping validity windows: create new, deploy consumers, verify, then revoke old.
Automated rotation should include audit logging, failure alerts, and emergency rotation procedures.
Hands-on example
Hands-on plan: for a database password, create a new credential, update Vault, restart or reload apps through rolling deployment, monitor auth failures, then revoke the old credential. For dynamic Vault database secrets, rely on leases and configure maximum TTLs to force renewal.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Security & DevSecOps interview questions
- What is DevSecOps, and how does it differ from traditional security gating at the end? [Basic]
- What does shift-left security mean, and why does it matter? [Basic]
- What is the difference between SAST, DAST, IAST, and SCA? [Basic]
- When in the pipeline does each of SAST, DAST, and SCA run? [Basic]
- What is the difference between SAST and DAST, and what does each catch and miss? [Basic]
- What is software composition analysis (SCA), and why does it matter for dependencies? [Basic]
- What is SonarQube, and what does it analyse? [Basic]
- Is SonarQube primarily SAST, code quality, or both? [Basic]