SEC-2: Credential Rotation
Summary
SEC-2 focuses on reducing the risk that long-lived credentials stay in service longer than they should across Make.com scenarios and n8n workflows. FlowBeacon uses this policy to encourage a clearer rotation practice for automation access and connected systems.
Severity: High · Category: Security · Platforms: Make.com, n8n
What FlowBeacon Reviews
- Whether automation credentials appear to rely on long-lived access without enough upkeep.
- Whether aging, invalid, or unclearly owned access could create production risk.
- Whether there is a clear ownership and review pattern for sensitive connection access.
Why This Matters
- Long-lived credentials increase exposure if they are mishandled or forgotten.
- Rotation helps teams limit the impact of credential leakage or drift.
- A defined cadence makes security operations more predictable and auditable.
If This Policy Is Flagged
- Identify the owner for each affected credential or connection.
- Rotate or replace access that has stayed in place too long.
- Move sensitive access into managed storage if it is still handled informally.
- Re-run the evaluation after rotation and ownership are documented.
Why Users Care
- Teams reduce avoidable security risk without redesigning entire automations.
- Clients and internal stakeholders gain confidence that access is being maintained responsibly.
- Delivery partners can hand over automations with a cleaner operating baseline.