gcp-secret-rotation-end-to-end-fragility

Status: OUT

GCP secret and key rotation is fragile end to end, across two independent mechanisms. The event-driven Secret Manager rotation chain depends on Pub/Sub notifications, which inherit Pub/Sub's delivery trade-offs: at-least-once delivery (so redeliveries are normal), best-effort and therefore approximate dead-letter delivery counting, and per-ordering-key throughput limits when message ordering is enabled. Separately, Cloud KMS key rotation is non-disruptive (earlier key versions remain usable for decryption) but does not re-encrypt existing ciphertext, so moving data onto the new primary version is a manual step, while Cloud Run applies fail-fast semantics to secret changes: an instance that cannot resolve the secret version it references does not start rather than running degraded. Taken together, no single rotation event can be assumed to propagate reliably to every consumer; each hop needs its own idempotent handling and an explicit check that the new version is actually in use.
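The Pub/Sub leg described above is the one a handler can actually defend against. The following is an added example, not code from the page or from Google, of an idempotent consumer for Secret Manager rotation notifications delivered by a Pub/Sub push subscription. It uses the real envelope shape (`message.data`, `message.attributes`) and the real Secret Manager attribute names (`eventType`, `secretId`, `timestamp`) plus the `CloudPubSubDeadLetterSourceDeliveryCount` attribute Pub/Sub adds when it forwards a message to a dead-letter topic. The in-memory `_seen` set, the `rotate` callback, the `make_envelope` helper and the `projects/demo/...` names are assumptions for illustration; a deployment would back the dedup set with a shared store and have `rotate` call the Secret Manager API.

```python
"""Idempotent handler for Secret Manager SECRET_ROTATE events over Pub/Sub.

Added example (not from the page or from Google). Demonstrates three defences
against the fragility described in the note: filtering by eventType, deduping on
the event's own (secretId, timestamp) so dead-letter replays (which get a fresh
messageId) are still recognised, and acking only outcomes that a retry cannot
fix so a bad envelope does not loop forever while transient failures do retry.
"""
import base64
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Event type Secret Manager publishes when a secret's rotation schedule fires.
SECRET_ROTATE = "SECRET_ROTATE"
# Attribute Pub/Sub adds to a message it forwards to a dead-letter topic.
# Its value is a best-effort count and must be treated as approximate.
DLQ_COUNT_ATTR = "CloudPubSubDeadLetterSourceDeliveryCount"

# Outcomes; the HTTP layer maps everything except RETRY to a 2xx (ack).
HANDLED, DUPLICATE, IGNORED, MALFORMED, RETRY = (
    "handled", "duplicate", "ignored", "malformed", "retry")


@dataclass(frozen=True)
class RotateEvent:
    secret: str                    # projects/<p>/secrets/<s>, from the secretId attribute
    timestamp: str                 # Secret Manager's own event timestamp attribute
    dlq_deliveries: Optional[int]  # approximate; None unless replayed from a DLQ

    @property
    def dedup_key(self) -> Tuple[str, str]:
        # Keyed on the event, not messageId, so a dead-letter replay still dedups.
        return (self.secret, self.timestamp)


def parse_push_envelope(envelope: dict) -> Optional[Tuple[str, RotateEvent]]:
    """Return (eventType, RotateEvent) or None when the envelope is unusable."""
    msg = envelope.get("message")
    if not isinstance(msg, dict):
        return None
    attrs = msg.get("attributes") or {}
    event_type, secret, ts = attrs.get("eventType"), attrs.get("secretId"), attrs.get("timestamp")
    if not (event_type and secret and ts):
        return None
    raw = msg.get("data")
    if raw:  # data is the JSON secret resource; it must agree with the attribute
        try:
            body = json.loads(base64.b64decode(raw))
        except (ValueError, TypeError):
            return None
        if isinstance(body, dict) and body.get("name", secret) != secret:
            return None
    count = attrs.get(DLQ_COUNT_ATTR)
    dlq = int(count) if count and count.isdigit() else None
    return event_type, RotateEvent(secret, ts, dlq)


class RotationHandler:
    """Runs the rotate callback at most once per (secret, timestamp)."""

    def __init__(self, rotate: Callable[[str], None]):
        self._rotate = rotate                       # adds a version and repoints consumers
        self._seen: Set[Tuple[str, str]] = set()    # assumption: in-memory; share it in production
        self.replays: List[RotateEvent] = []        # DLQ-replayed events, kept for review

    def handle(self, envelope: dict) -> str:
        parsed = parse_push_envelope(envelope)
        if parsed is None:
            return MALFORMED                 # ack: redelivery cannot fix a bad envelope
        event_type, ev = parsed
        if event_type != SECRET_ROTATE:
            return IGNORED                   # the same topic carries SECRET_VERSION_ADD etc.
        if ev.dlq_deliveries is not None:
            self.replays.append(ev)          # record the replay even if it dedups below
        if ev.dedup_key in self._seen:
            return DUPLICATE                 # at-least-once redelivery or DLQ replay
        try:
            self._rotate(ev.secret)
        except Exception:
            return RETRY                     # nack: Pub/Sub redelivers, then dead-letters
        self._seen.add(ev.dedup_key)         # only after success, so a failed attempt retries
        return HANDLED


def make_envelope(event_type: str, secret: str, ts: str,
                  extra_attrs: Optional[Dict[str, str]] = None,
                  name: Optional[str] = None) -> dict:
    """Constructed sample push envelope (not a captured message)."""
    attrs = {"eventType": event_type, "secretId": secret, "timestamp": ts, **(extra_attrs or {})}
    data = base64.b64encode(json.dumps({"name": name or secret}).encode()).decode()
    return {"message": {"data": data, "attributes": attrs, "messageId": "1"},
            "subscription": "projects/demo/subscriptions/rotate"}


def demo() -> Dict[str, object]:
    """Drive the handler through redelivery, DLQ replay, noise and bad input."""
    calls: List[str] = []
    pending_failure = {"once": True}

    def rotate(secret: str) -> None:
        if pending_failure["once"]:          # simulate one transient API failure
            pending_failure["once"] = False
            raise RuntimeError("simulated transient failure")
        calls.append(secret)

    h = RotationHandler(rotate)
    s = "projects/demo/secrets/db-password"
    first = make_envelope(SECRET_ROTATE, s, "2024-01-01T00:00:00Z")
    outcomes = [
        h.handle(first),                                                        # retry
        h.handle(first),                                                        # handled
        h.handle(first),                                                        # duplicate
        h.handle(make_envelope(SECRET_ROTATE, s, "2024-01-01T00:00:00Z",
                               {DLQ_COUNT_ATTR: "5"})),                         # DLQ replay
        h.handle(make_envelope("SECRET_VERSION_ADD", s, "2024-01-01T00:00:01Z")),  # ignored
        h.handle(make_envelope(SECRET_ROTATE, s, "2024-01-01T00:00:02Z",
                               name="projects/demo/secrets/other")),            # malformed
        h.handle({"message": "not-a-dict"}),                                    # malformed
    ]
    return {"outcomes": outcomes, "rotations": len(calls), "dlq_replays": len(h.replays)}


if __name__ == "__main__":
    print(demo())
```

The dedup key deliberately ignores `messageId`: a redelivery keeps it, but a message forwarded to a dead-letter topic is republished with a new one, so keying on the event's own attributes is what makes a DLQ replay safe. Nothing here fixes the KMS or Cloud Run legs; it only makes the Pub/Sub hop idempotent, which is the precondition for the per-consumer verification the note calls for.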
