What it is: Automatically changing a secret on a schedule, and updating dependent systems.

What it’s for:

• Reduce risk from leaked credentials.
• Meet compliance/security requirements.

Key ideas:

• Often implemented using a Lambda rotation function.
• Rotation can update database credentials automatically (for supported DBs).

Exam cues:

• “must change passwords every 30 days automatically” → secret rotation.

Hard words:

• *schedule* /ˈskedʒuːl/ (US often /ˈskedʒuːl/): lịch
• *dependent* /dɪˈpendənt/: phụ thuộc
• *leaked* /liːkt/: bị lộ