> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/pam/concepts/password-rotation.md). # Password rotation **Password rotation** is the process of automatically changing stored passwords on a regular basis to improve security and reduce risk from credential exposure. This concept is essential in privileged access management as it helps protect critical accounts from unauthorized access. In Devolutions PAM, password rotation involves [discovering accounts](https://docs.devolutions.net/pam/concepts/account-discovery/) from an [identity provider](https://docs.devolutions.net/pam/concepts/identity-providers/), comparing stored and actual passwords, and changing them when needed. The new passwords are securely stored and linked to the corresponding entries. These operations are managed using discovery, heartbeat, and password rotation mechanisms to enforce password policies and credential accuracy. While built-in providers handle these steps internally, fully customized control is only available by creating [custom PAM provider templates](https://docs.devolutions.net/pam/concepts/anyidentity-template/). This option enables flexible integration with external systems and custom workflows for password lifecycle management. Password rotation differs from a password reset, which is typically a one-time manual operation triggered by a specific event, such as a forgotten password or suspected compromise. In contrast, rotation is a recurring, proactive process that helps maintain ongoing security [compliance](https://docs.devolutions.net/pam/concepts/compliance-reporting/). While both result in a new password, rotation is scheduled and automated, whereas reset is reactive and often user-initiated. {% embed url="" %} #### Password rotation aliases * Credential rotation * Automatic password update * Privileged account rotation #### Related topics * [Account discovery (Devolutions Cloud)](https://docs.devolutions.net/pam/kb/knowledge-base/create-anyidentity-action-script-dvls/#account-discovery) * [Password rotation (Devolutions Server)](https://docs.devolutions.net/pam/kb/knowledge-base/create-anyidentity-action-script-dvls/#password-rotation) #### See also * [Heartbeat (Devolutions Server)](https://docs.devolutions.net/pam/kb/knowledge-base/create-anyidentity-action-script-dvls/#heartbeat) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.devolutions.net/pam/concepts/password-rotation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.