Regular rotation of keys and tokens is essential for maintaining security, reducing the risk of compromise, and ensuring cryptographic agility.

The following table summarizes the recommended rotation intervals for service account tokens, key pairs, and TLS certificates:
Item Recommended cadence Rationale
Service account JWT 30–90 days Limits the replay window and reduces exposure if a token is compromised.
Service account key pair 90–180 days Maintains key hygiene and supports cryptographic agility.
TLS certificate Based on CA policy (typically 90 days) Aligns with industry norms and encourages automation of certificate renewal.