====== Secret Rotation ======

**What it is:** Automatically changing a secret on a schedule, and updating dependent systems.

**What it’s for:**
  * Reduce risk from leaked credentials.
  * Meet compliance/security requirements.

**Key ideas:**
  * Often implemented using a Lambda rotation function.
  * Rotation can update database credentials automatically (for supported DBs).

**Exam cues:**
  * “must change passwords every 30 days automatically” → secret rotation.

**Hard words:**
  * *schedule* /ˈskedʒuːl/ (US often /ˈskedʒuːl/): lịch
  * *dependent* /dɪˈpendənt/: phụ thuộc
  * *leaked* /liːkt/: bị lộ