What's new?
You can now rotate your Paddle API keys automatically with AWS Secrets Manager. Paddle is an official AWS Secrets Manager partner, so you can keep your API credentials fresh on a schedule without manually creating and swapping keys.
How it works
When you create an API key in Paddle > Developer Tools > Authentication, you'll now see a Rotatable option. Mark a key as rotatable, store it in AWS Secrets Manager, and enable rotation; AWS then rotates it for you on your chosen schedule. This works with both your live and sandbox API keys.
During rotation, Paddle generates a new secret and keeps the old one valid for a short grace period, so your app keeps working with no downtime while the new secret takes over. Once the grace period ends, the old secret is revoked.
This means you can:
- Automate key rotation instead of manually creating and revoking keys.
- Keep credentials short-lived to reduce the risk of exposure.
- Meet enterprise security requirements for regular credential rotation.
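The grace period only helps if your app re-reads the secret before the old one is revoked. The sketch below is an added example, not Paddle or AWS code: it caches the key read from Secrets Manager, refreshes it after a maximum age, and re-reads it once if a request is rejected. It assumes the secret value is the bare API key and that HTTP 401/403 signals a rejected key; `RotatingKey`, `simulate`, and the timings are hypothetical.

```python
import time

AUTH_REJECTED = (401, 403)  # assumption: statuses treated as "key no longer valid"

def fetch_from_secrets_manager(secret_id):
    """Read the current key from AWS Secrets Manager (needs boto3 and AWS credentials)."""
    import boto3  # imported lazily so the cache logic below can be exercised offline
    resp = boto3.client("secretsmanager").get_secret_value(SecretId=secret_id)
    return resp["SecretString"]  # assumption: the secret value is the bare API key

class RotatingKey:
    """Caches the key; set max_age_s below the grace period to switch before revocation."""
    def __init__(self, fetch, max_age_s, clock=time.monotonic):
        self._fetch, self._max_age, self._clock = fetch, max_age_s, clock
        self._key, self._fetched_at = None, None

    def get(self, force=False):
        now = self._clock()
        stale = self._fetched_at is None or now - self._fetched_at >= self._max_age
        if force or stale:
            self._key, self._fetched_at = self._fetch(), now
        return self._key

    def call(self, send):
        """send(key) -> HTTP status. On an auth rejection, re-read the secret once and retry."""
        status = send(self.get())
        if status in AUTH_REJECTED:
            old = self._key
            if self.get(force=True) != old:  # retry only if rotation produced a new key
                status = send(self._key)
        return status

def simulate():
    """Constructed scenario: key rotates at t=100, old secret is revoked at t=160."""
    t = [0]
    current = lambda: "key-v1" if t[0] < 100 else "key-v2"
    valid = lambda k: k == current() or (k == "key-v1" and t[0] < 160)
    send = lambda k: 200 if valid(k) else 403
    # max_age_s deliberately exceeds the grace period here to exercise the retry path
    cache = RotatingKey(current, max_age_s=300, clock=lambda: t[0])
    results = []
    for now in (0, 120, 200, 210):
        t[0] = now
        results.append((now, cache.call(send), cache.get()))
    return results
```

In production, pass `lambda: fetch_from_secrets_manager("<your-secret-id>")` as `fetch`; a rejection that persists after the re-read points to a problem other than rotation and is returned to the caller rather than retried.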
Next steps
Rotation is available for keys created with the rotatable option. To get started:
You can still rotate keys manually at any time.
This is a non-breaking change, so it doesn't impact existing integrations.