Practice of regularly changing passwords, API keys, and other credentials to limit the damage from potential compromises. Like changing your locks regularly even if you haven't lost your keys.
Database passwords are automatically rotated every 30 days using AWS Secrets Manager, with applications automatically retrieving the new credentials.
All four services securely store secrets (passwords, API keys, certificates) and support rotation workflows. AWS Secrets Manager has built-in rotation orchestration (often via Lambda) and tight integration with AWS databases; Azure Key Vault supports rotation via Event Grid/Functions or managed integrations for some resources; GCP Secret Manager supports rotation via Cloud Scheduler/Functions or external automation; OCI Vault supports secret storage and rotation via OCI Functions/Events or custom automation.