Getting Started

Welcome to How To Rotate, an open-source collection of API Key Rotation tutorials. Each tutorial provides step-by-step instructions on how to remediate a leaked API key security vulnerability by (1) Generating a new API key, (2) Replacing the compromised key, and (3) Revoking the compromised key.

To get started, click on a key rotation tutorial for a specific SaaS provider below or read more about key rotation.

GitLabMailchimpMicrosoft Teams
Slack WebhookSourcegraphSquare
StripeSumo LogicTailscale

This project is sponsored by Truffle Security, the creators of TruffleHog. The initial 19 tutorials align to the API keys and secrets that we see leaked most commonly. We welcome PRs for new key rotation tutorials. If there is a SaaS provider that you’d like to document the key rotation process for, please follow our CONTRIBUTING guidlines.

About Truffle Security

Truffle Security is an open source cybersecurity company that offers solutions for finding and remediating leaked software credentials. Our flagship product, TruffleHog, runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs.