It is a security best practice to rotate or change privileged credentials frequently. With BeyondTrust Vault, you can choose to set imported domain credentials to automatically rotate after each use, or you can manually rotate credentials at any time. Two actions trigger the automatic rotation of domain credentials:
Local accounts cannot be automatically rotated and require manual rotation from /login.
Rotate Domain and Local Credentials Manually
Once rotation is complete, the Password Age information updates with a timestamp of "a few seconds".
Configure Automatic Rotation of Domain Credentials
After each use, the account will automatically rotate.
For more information, please see Discover Domains, Accounts, and Endpoints.