Practice of regularly changing passwords, API keys, and other credentials to limit the damage from potential compromises. Like changing your locks regularly even if you haven't lost your keys.
Database passwords are automatically rotated every 30 days using AWS Secrets Manager, with applications automatically retrieving the new credentials.
All four services store secrets securely and support rotation workflows. AWS Secrets Manager has built-in rotation orchestration (often via Lambda). Azure Key Vault supports certificate rotation and can integrate with automation (e.g., Event Grid/Functions) for secret rotation. Google Cloud Secret Manager supports versioned secrets and rotation via scheduled automation (e.g., Cloud Scheduler + Cloud Functions/Run). OCI Vault stores secrets and integrates with OCI services/automation for rotation; rotation is commonly implemented with Functions and scheduled jobs depending on the secret type.