Reconnect or Rotate Credentials Safely
Overview
Security best practices mandate that access tokens and client secrets are rotated regularly. If your cloud provider token expires, CloudAIPilot will lose its ability to autonomously manage your servers, gather monitoring metrics, or run backups.
Recognizing Expired Credentials
When a token expires or is revoked externally:
- Server statuses may show as Stale or Unknown.
- The FinOps dashboard will display a Sync Failed warning.
- Any background operations you approve (like scaling a disk) will immediately fail in the Activity Center.
How to Rotate Credentials
You do not need to delete and recreate the Cloud Account (which would disrupt your existing servers). Instead, use the Reconnect flow:
- Generate a new Token, Secret, or IAM Role in your Cloud Provider's console.
- In CloudAIPilot, navigate to Cloud Accounts.
- Click the three dots (
...) next to the degraded account and select Update Credentials. - Enter the new secret/token and click Save.
Zero-Downtime Rotation Guarantee
Rotating credentials in CloudAIPilot will never cause downtime for your running web applications.
- CloudAIPilot interacts with the cloud management plane (APIs), not your server's runtime data plane.
- During the rotation, your Nginx, Docker, and Database services remain completely unaffected.
PQC Encryption Note
Upon updating, the new credential is immediately secured using our Post-Quantum Cryptographic standard. The old credential is permanently wiped from the database and cannot be recovered.