Terms of Service

Last reviewed: May 28, 2026

These terms apply to your use of the keyrotate software ("the Software") and the keyrotate.dev website ("the Site"), both provided by BotFlow Lab ("we", "us"). By installing or using the Software, or by accessing the Site, you agree to these terms.

License

The Software is open-source under the MIT License. You may use, copy, modify, and distribute it freely subject to the conditions of that license. These Terms of Service are in addition to, and do not override, the MIT License grant.

No warranty

The Software is provided "AS IS", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and non-infringement. This is repeated in the MIT License and we mean it: rotating production secrets is a high-stakes operation, and you are responsible for understanding what the tool does before you run it against systems that matter to you.

Limitation of liability

To the maximum extent permitted by law, BotFlow Lab and the keyrotate contributors shall not be liable for any direct, indirect, incidental, special, exemplary, or consequential damages arising from the use of, or inability to use, the Software or the Site. This includes lost data, lost revenue, broken production deployments, or compromised credentials. You assume all risk of using the Software.

Acceptable use

You agree not to use the Software or the Site:

• To rotate credentials you are not authorized to rotate.
• To access or modify systems you are not authorized to access.
• To violate any applicable law or third-party terms (including the terms of providers like OpenAI, Stripe, Resend, etc. that keyrotate may verify keys against).
• To attempt to defeat or stress-test the Site or any downstream service through abnormal load.

Third-party services

keyrotate verifies keys against and writes secrets to third-party services (OpenAI, Stripe, GitHub, Supabase, Netlify, Fly.io, 1Password, and others). Your use of those services is governed by their own terms. We are not responsible for the availability, accuracy, or behavior of third-party services.

Supply chain

We take reasonable care to publish only what we built from the source on the main branch of the public repository. We do not warrant that the published binaries are free of defects. See Supply Chain Integrity for the controls we apply and how you can verify or build from source yourself.

Modifications

We may update the Software, the Site, and these Terms at any time. The "Last reviewed" date at the top reflects the current version. Continued use after a change constitutes acceptance of the new Terms.

Governing law

These Terms are governed by the laws of the Kingdom of Thailand, without regard to its conflict-of-laws provisions. Any dispute arising under these Terms shall be resolved in the courts of Thailand.

Contact

Questions about these Terms: hello@keyrotate.dev.