reaatech/secret-rotation-kit

★ 0Last commit: May 19, 2026GitHub →

These packages provide a framework for automating secret rotation across AWS Secrets Manager, GCP Secret Manager, and HashiCorp Vault. They solve the risk of service outages during credential updates by orchestrating overlapping key validity windows, propagation verification, and automatic rollbacks. The system uses a modular architecture where a core engine consumes provider-specific adapters and an optional HTTP sidecar to manage the full secret lifecycle.

aws developer-tools devops docker security typescript

Packages

Sort

7 packages

secret-rotation-core

@reaatech/secret-rotation-core

pending npm

Orchestrates zero-downtime secret rotation lifecycles, including propagation verification, rollback logic, and state management. It provides a `RotationManager` class that requires a pluggable provider adapter to interface with specific secret management services.

View package

status: awaiting publish

secret-rotation-observability

@reaatech/secret-rotation-observability

pending npm

Provides structured JSON logging and a Prometheus-compatible metrics registry for the Secret Rotation Kit. It exports `LoggerService` and `MetricsService` classes that generate newline-delimited JSON logs and Prometheus-formatted metric strings, respectively.

View package

status: awaiting publish

secret-rotation-provider-aws

@reaatech/secret-rotation-provider-aws

pending npm

AWS Secrets Manager adapter for the Secret Rotation Kit, providing a `SecretProvider` implementation as a class (`AWSProvider`) that handles CRUD, version management (AWSCURRENT, AWSPENDING, AWSPREVIOUS), and rotation sessions via the AWS SDK v3.

View package

status: awaiting publish

secret-rotation-provider-gcp

@reaatech/secret-rotation-provider-gcp

pending npm

A class (`GCPProvider`) that implements the `SecretProvider` interface from the Secret Rotation Kit, backed by the `

View package

status: awaiting publish

secret-rotation-provider-vault

@reaatech/secret-rotation-provider-vault

pending npm

Provides a `VaultProvider` class that implements the `SecretProvider` interface for HashiCorp Vault KV v2 engines. It requires the `node-vault` package at runtime to facilitate secret CRUD operations and rotation lifecycle management.

View package

status: awaiting publish

secret-rotation-sidecar

@reaatech/secret-rotation-sidecar

pending npm

Exposes a REST API and SSE stream for managing secret rotations, health checks, and Prometheus metrics. It provides a `SidecarServer` class that wraps a `RotationManager` instance from the Secret Rotation Kit to handle HTTP requests.

View package

status: awaiting publish

secret-rotation-types

@reaatech/secret-rotation-types

pending npm

Provides TypeScript interfaces, abstract base classes, and error definitions for building custom secret rotation providers and consumers. This package contains no runtime code and serves as the shared type contract for the Secret Rotation Kit ecosystem.