What is Akeyless rotated secrets and how does it work?

Akeyless rotated secrets is a feature of the Akeyless Vaultless® Platform that automates the rotation and protection of privileged account credentials. It allows you to set a predefined schedule for password rotation, encrypts credentials using patented Distributed Fragments Cryptography™ (DFC) technology, and securely stores them in the Akeyless vault. You can also manually trigger password resets in case of emergencies. This automation helps organizations comply with security standards and reduces the risk of credential compromise.

How does Akeyless automate password rotation for privileged accounts?

Akeyless automates password rotation by allowing you to define rotation schedules for privileged user accounts. The platform generates new passwords according to the schedule or when manually triggered, resets them on the target machine, and stores the updated secret securely. Only authenticated and authorized clients can retrieve the secret value, ensuring secure access control.

How does Akeyless ensure the security of rotated secrets?

Akeyless secures rotated secrets using patented Distributed Fragments Cryptography™ (DFC) technology, encrypting credentials both in transit and at rest. Access to secrets is strictly controlled through granular permissions and Zero Trust Access principles, ensuring only authenticated and authorized clients can retrieve secret values.

Can I manually trigger a password reset for privileged accounts in Akeyless?

Yes, Akeyless allows you to manually trigger a password reset for privileged accounts in case of emergencies, such as suspected credential compromise. This can be done via the CLI or the Akeyless Console.

Does Akeyless support API access for secrets management?

Yes, Akeyless provides an API for its platform, allowing secure interactions for both human and machine identities. API Keys are supported for authentication. Access the API documentation at docs.akeyless.io/docs.

What security and compliance certifications does Akeyless hold?

Akeyless is certified for ISO 27001, SOC 2 Type II, FIPS 140-2, PCI DSS, and CSA STAR, demonstrating its commitment to international security and compliance standards. These certifications ensure suitability for regulated industries such as finance, healthcare, and critical infrastructure.

How does Akeyless help organizations meet regulatory requirements?

Akeyless adheres to international standards such as ISO 27001, SOC 2 Type II, PCI DSS, and GDPR. The platform provides audit and reporting tools to track every secret, ensuring audit readiness and compliance with regulatory requirements.

What problems does Akeyless solve for organizations?

Akeyless addresses several key challenges: the Secret Zero Problem (secure authentication without storing initial access credentials), legacy secrets management inefficiencies, secrets sprawl, standing privileges and access risks, high operational costs, and integration complexity. Its cloud-native SaaS platform centralizes secrets management, automates credential rotation, and enforces Zero Trust Access.

Who can benefit from using Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, finance, retail, manufacturing, and cloud infrastructure. Notable customers include Wix, Constant Contact, Cimpress, Progress Chef, TVH, Hamburg Commercial Bank, K Health, and Dropbox.

What business impact can customers expect from using Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance and provisioning time), scalability for multi-cloud environments, compliance with international standards, and improved employee productivity.

Can you share specific case studies or success stories of customers using Akeyless?

Yes, Akeyless has several case studies and success stories: Constant Contact scaled in a multi-cloud, multi-team environment; Cimpress transitioned from Hashi Vault to Akeyless for enhanced security and seamless integration; Progress saved 70% of maintenance and provisioning time; Wix adopted Akeyless for centralized secrets management and Zero Trust Access.

Where can I find technical documentation for Akeyless?

Akeyless offers comprehensive technical documentation, including platform overviews, password management, Kubernetes secrets management, AWS integration, PKI-as-a-Service, and more. Access these resources at docs.akeyless.io and tutorials.akeyless.io/docs.

How long does it take to implement Akeyless and how easy is it to start?

Akeyless can be deployed in just a few days thanks to its SaaS-native architecture, which requires no infrastructure management. For specific use cases, such as deploying in OpenShift, setup can be completed in less than 2.5 minutes. The platform offers self-guided product tours, demos, tutorials, and 24/7 support to ensure a smooth onboarding experience.

What customer service and support options are available after purchasing Akeyless?

Akeyless provides 24/7 customer support via ticket submission, email, and Slack channel. Proactive assistance is available for upgrades and troubleshooting. Extensive technical documentation and tutorials are provided, and an escalation procedure is in place for urgent issues.

What training and technical support is available to help customers get started?

Akeyless offers self-guided product tours, platform demos, step-by-step tutorials, and comprehensive technical documentation. 24/7 support and a Slack channel are available for troubleshooting and guidance.

How does Akeyless handle maintenance, upgrades, and troubleshooting?

Akeyless provides 24/7 support for maintenance, upgrades, and troubleshooting. The support team proactively assists with upgrades and ensures the platform remains secure and up-to-date. Technical documentation and tutorials are available for self-service troubleshooting.

How does Akeyless compare to HashiCorp Vault?

Akeyless offers a vaultless architecture, eliminating the need for heavy infrastructure and reducing costs and complexity. Its SaaS-based deployment enables faster implementation and easier scalability. Advanced features include Zero Trust Access and automated credential rotation.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, provides better integration across diverse environments, and offers significant cost savings with a pay-as-you-go pricing model. It also features Universal Identity and Zero Trust Access.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, eliminating the need for multiple tools. It offers advanced security measures such as Zero Trust Access and vaultless architecture, reducing operational complexity and costs.

What feedback have customers shared about the ease of use of Akeyless?

Customers consistently praise Akeyless for its ease of use and seamless integration. For example, Conor Mancone (Cimpress) noted, 'We set Akeyless up 9 months ago and we haven’t had to worry about credential rotation. All of our software that’s running, it just works — we haven’t really had to think about it since then. It’s been a really smooth, really easy process.' Shai Ganny (Wix) said, 'The simplicity of Akeyless has enhanced our operations and given us the confidence to move forward securely.'

When was this page last updated?

This page wast last updated on 12/12/2025 .

Posted by Miryam Brand
March 19, 2022

Overview

One of the most sensitive secrets in your organization is without a doubt the credentials for your superuser accounts. These accounts, such as the root account for a Linux server, the Administrator account for a Windows server, or the Admin accounts for a network device, have virtually unlimited privileges. Anyone with the credentials for these privileged user accounts effectively has free reign over your systems, from creating and deleting users to installing software and changing system settings.

Because of the sensitivity of privileged-user credentials, many security standards require that you periodically rotate your superuser account passwords to remain compliant. As these accounts are often shared by multiple applications and users, ensuring everyone has the updated password is an administrative nightmare, and often, just distributing a new password increases the risk of it being intercepted and abused. Once the password is out there, you have no control over how it is managed, stored, and used.

Automating Password Rotation

The Akeyless Vaultless® Platform introduces rotated secrets – a simple way to automatically rotate and protect privileged account credentials. With rotated secrets, your superuser passwords are:

Rotated according to a predefined schedule
Encrypted using Akeyless’s patented Distributed Fragments Cryptography™ (DFC) technology
Securely stored in the Akeyless vault, from where they can be retrieved by authorized clients.

In case of emergency, for example, if you know a password has been compromised, you can also manually trigger a password reset.

Let’s take a closer look at how all this works.

Create a Target

Get started with a rotated secret in the Akeyless Vaultless® Platform by setting up the target for the secret, which could be a database or other server for which the superuser credentials are defined. The rotated secret itself is a privileged user account on the target.

Akeyless supports a growing list of targets, including AWS, Kubernetes, various databases, and SSH. New targets are continuously being added; check out the online documentation for the most up-to-date list. To set up a target, first define its location, such as a URL or hostname, and specify the credentials required to connect to the target and update the privileged user account password.

For example, for this SQL server target, specify the database name, hostname, and port for connecting to the database, as well as the required username and password.

Create a Rotated Secret

Now it’s time for the rotated secret itself. When you create a rotated secret, you need to name it and define the secret settings, such as how often the secret should be rotated, and the secret target. You can define a rotated secret to automatically update the password at defined intervals, or manually trigger a password update from the CLI or from the Akeyless Console. Similarly, you can set the rotated secret to reset the privileged user account password using the credentials in the target, or set it to use the privileged user account credentials to reset itself.

For example, for this MySQL rotated secret, specify the rotated secret name, the target for which the secret is defined, the username and password to be updated, and the rotation schedule.

Get the Rotated Secret Value

According to the schedule defined in the rotated secret, or when triggered from the CLI or from the Akeyless Console, the Akeyless Vaultless® Platform generates a new password for the privileged user account, resets it on the target machine, and stores the updated secret value so that it can be retrieved when required.

To keep the secret value safe, add your rotated secret to an access role, with the appropriate permissions. Akeyless will only provide the secret value to authenticated clients who are authorized to view it.

Conclusion

Superuser credentials are often static account credentials that are used by multiple applications and users. The sensitive nature of these accounts necessitates that their passwords be rotated frequently. By automating this process, Akeyless rotated secrets enable you to implement an aggressive rotation schedule and limit the risk if the credentials were exposed. In addition, by securely storing the password in a central vault, Akeyless eliminates the need to distribute the password, reducing the risk of the password being compromised.

Table of Contents

Frequently Asked Questions

Features & Capabilities