Getting Started

Welcome to How To Rotate, an open-source collection of API Key Rotation tutorials. Each tutorial provides step-by-step instructions on how to remediate a leaked API key security vulnerability by (1) Generating a new API key, (2) Replacing the compromised key, and (3) Revoking the compromised key.

To get started, click on a key rotation tutorial for a specific SaaS provider below or read more about key rotation.

AWSAirbrakeAtlassian
Azure DevOpsAzure FunctionAzure Search Admin
Azure Search QueryAzure StorageElevenLabs
EraserFlexportGCP
GitHubGitLabGroq
MailchimpMaxMindMicrosoft Teams
MongoDBNPMNetlify
OpenAISendbirdSendgrid
Slack WebhookSlackSourcegraph
SquareStripeSumo Logic
TailscaleTwilioVTEX

This project is sponsored by Truffle Security, the creators of TruffleHog. The tutorials align to the API keys and secrets that we see leaked most commonly. We welcome PRs for new key rotation tutorials. If there is a SaaS provider that you’d like to document the key rotation process for, please follow our CONTRIBUTING guidlines.

About Truffle Security

Truffle Security is an open source cybersecurity company that offers solutions for finding and remediating leaked software credentials. Our flagship product, TruffleHog, runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs.