---
title: Keys and secrets
description: Web Agent uses cryptographic keys for encryption, signing, and securing network connections, and passwords. The following sections discuss how to secure keys and secrets in your deployment.
component: web-agents
version: 2025.11
page_id: web-agents:security-guide:keys
canonical_url: https://docs.pingidentity.com/web-agents/2025.11/security-guide/keys.html
section_ids:
  use-strong-keys: Use strong keys
  rotate-keys: Rotate keys
---

# Keys and secrets

Web Agent uses cryptographic keys for encryption, signing, and securing network connections, and passwords. The following sections discuss how to secure keys and secrets in your deployment.

## Use strong keys

Small keys are easily compromised. Use at least the [recommended key size](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29).

For more information about strong encryption, refer to the documentation for the web server where the agent runs. For NGINX, for example, refer to [Security controls](https://docs.nginx.com/nginx/admin-guide/security-controls/).

## Rotate keys

Rotate keys regularly to:

* Limit the amount of data protected by a single key.

* Reduce dependence on specific keys, making it easier to migrate to stronger algorithms.

* Prepare for when a key is compromised. The first time you try key rotation shouldn't be during a real-time recovery.

* Conform to internal business compliance requirements.

Learn more in [Rotate keys](../maintenance-guide/rotate-keys.html).