1  {
 2    "credentials": [
 3      { "service": "OPENROUTER_API_KEY",        "last_rotated": null, "interval_days": 90,  "note": "Billing cycle or suspected leak" },
 4      { "service": "TWILIO_AUTH_TOKEN",         "last_rotated": null, "interval_days": 90,  "note": "Financial risk (SMS costs money)" },
 5      { "service": "RESEND_API_KEY",            "last_rotated": null, "interval_days": 90,  "note": "Reputation risk (email sending)" },
 6      { "service": "PAYPAL_CLIENT_SECRET",      "last_rotated": null, "interval_days": 90,  "note": "Financial risk (payment processing)" },
 7      { "service": "API_WORKER_SECRET", "last_rotated": null, "interval_days": 180, "note": "Shared secret, coordinated rotation" },
 8      { "service": "ZENROWS_API_KEY",           "last_rotated": null, "interval_days": 365, "note": "Low risk (read-only scraping)" },
 9      { "service": "RESEND_WEBHOOK_SECRET",     "last_rotated": null, "interval_days": 365, "note": "Low risk (inbound verification only)" },
10      { "service": "GOOGLE_SHEETS_PRIVATE_KEY", "last_rotated": null, "interval_days": 365, "note": "Low risk (internal reporting)" },
11      { "service": "UNSUBSCRIBE_SECRET",        "last_rotated": null, "interval_days": 365, "note": "Low risk (HMAC signing)" },
12      { "service": "DATAFORSEO_PASSWORD",       "last_rotated": null, "interval_days": 365, "note": "Low risk" },
13      { "service": "ZEROBOUNCE_API_KEY",        "last_rotated": null, "interval_days": 365, "note": "Low risk" },
14      { "service": "FIXER_API_KEY",             "last_rotated": null, "interval_days": 365, "note": "Low risk (free tier)" },
15      { "service": "SSH_KEYS",                  "last_rotated": null, "interval_days": 365, "note": "Or on any suspected host compromise" }
16    ],
17    "_note": "Update last_rotated (ISO 8601 date) after each rotation. Run scripts/check-rotation-schedule.js to see overdue items."
18  }