Updated on 2025-09-15 GMT+08:00

Rotating Secret Version

If secrets are not updated for a long time, the sensitive information they protect, such as important passwords, tokens, certificates, SSH keys, and API keys, may be disclosed. Rotating secrets periodically improves the security of the protected plaintext. This section describes how to rotate a secret manually and how to enable automatic rotation.

Constraints

  • The secret must be a rotated secret.
  • The minimum rotation period is 4 hours.
  • The secret account must be an existing database account.

Manual Rotation

  1. Log in to the DEW console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Cloud Secret Management Service > Secrets.
  4. Click a secret name to access its details page.
  5. In the Version area, click Rotate Now.
  6. In the displayed dialog box, enter ROTATE, and click OK.
  7. Wait until a message in the upper right corner indicates that the rotation has started.
  8. After the version is rotated, the latest secret version is in the SYSCURRENT state.

Automatic Rotation

  1. Log in to the DEW console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Cloud Secret Management Service > Secrets.
  4. Click a secret name to access its details page.
  5. Click Set Rotation Policy in the upper right corner. In the displayed dialog box, enable Automatic Rotation, as shown in Figure 1.

    Figure 1 Automatic rotation

  6. Set an automatic rotation period, select the risk warning, and click OK. A message indicating that the rotation policy has been set is displayed in the upper right corner.
  7. After automatic rotation is enabled, if a secret version fails to be rotated, the number of rotation failures is shown in the current version area. Click the number to view the rotation failure records.

    • If the rotation fails three consecutive times, the automatic rotation button of the secret is disabled.
    • Rotation failure records cannot be manually deleted. They are stored for one month and are then automatically deleted.