How to change the AWS access key rotation frequency

Hi all,

I added like like ~30 AWS access keys to doppler and connected them to ~30 github repositories - like usually three access keys (dev/staging/prod) are feeding into the one (and only) config per github repository. I interestingly set the rotation frequency to daily - so nobody saves these secrets anywhere locally.

Anyway, I just saw that billing page and it says in the team plan there is a sync limit of 100. So, either my setup is alright or - more likely - very soon it will all stop working. Hence, I’d like change the rotation frequency of existing rotated secrets. The alternative is to go through all the clean up of existing keys (basically I need to delete all access keys of these 30 users) and then reconnect the rotated secrets. And that sounds very painful.

Do I have any good option left here?

Hi @yasinzaehringer!

The 100 limit you’re seeing is for config syncs that exist – not number of syncs that are being performed on a day-to-day basis. So, if you have 30 configs and each one has a GitHub Action sync setup to a separate repository on GitHub, then you have 30/100 syncs when it comes to the limit you’re seeing. Those 30 syncs can sync any number of times and that number won’t increase unless you create another sync.

So! How frequently your rotated secrets are rotating (triggering config syncs to occur) will not cause you any problems here!

Also, what you saw on the Billing page is a new add-on section for the Team plan, so if you ever do get close to 100 syncs and need more, you can upgrade to a 500 sync limit for an additional $9/mo/user on your plan. In your case, it looks like you’ll be fine for a while most likely though!

Let me know if you have any questions!


Edit: Also, unfortunately, there’s no way to edit a Rotated Secret once it’s created right now. This is something we plan to add in the future. That said, you should be fine without decreasing the rotation frequency!

1 Like

Ah, perfect. That’s great to know. Thanks!

@watsonian I’m triyng to figure out what constitutes a “sync” and this answer was helpful, though I have a few more questions:

  1. Does using the cli as outlined here count as a sync? CI/CD Secrets Sync
  2. Related: Does the Kubernetes Operator count as 1 sync, or does each Managed Secret count as a sync?

@jrobel Glad the reply was useful! To answer your questions in turn:

  1. Nope! Only syncs attached to an integration connection in the Doppler dashboard count toward your sync limit. CLI invocations do count toward your API rate limit though – which is 240 reads/min on the Developer plan.

  2. Nope! Only syncs created in the Integrations area for a project (pictured below) are counted toward this limit.

Let me know if you have any additional questions!


@watsonian Excellent. Thank you for the clear explanation!