Getting Started

Welcome to How To Rotate, an open-source collection of API Key Rotation tutorials. Each tutorial provides step-by-step instructions on how to remediate a leaked API key security vulnerability by (1) Generating a new API key, (2) Replacing the compromised key, and (3) Revoking the compromised key.

To get started, click on a key rotation tutorial for a specific SaaS provider below or read more about key rotation.

AWS
Airbrake
Atlassian
Azure DevOps
Azure Function
Azure Search Admin
Azure Search Query
Azure Storage
GCP
GitHub
GitLab
Mailchimp
MaxMind
Microsoft Teams
MongoDB
NPM
Netlify
OpenAI
Sendbird
Sendgrid
Slack Webhook
Slack
Sourcegraph
Square
Stripe
Sumo Logic
Tailscale
Twilio

This project is sponsored by Truffle Security, the creators of TruffleHog. The tutorials align to the API keys and secrets that we see leaked most commonly. We welcome PRs for new key rotation tutorials. If there is a SaaS provider that you’d like to document the key rotation process for, please follow our CONTRIBUTING guidelines.

About Truffle Security

Truffle Security is an open source cybersecurity company that offers solutions for finding and remediating leaked software credentials. Our flagship product, TruffleHog, runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs.