docs: clarify single-instance vs dual-phase rotation per provider

[IgorHorta]

Context

Secret rotation documentation does not clearly indicate when a rotation is single-instance vs dual-phase per provider. Users need to understand this per provider to reason about behavior (e.g., overlap period, zero-downtime guarantees).

Changes:

• Updated overview page with a dedicated "Single-Instance Rotation" section and a provider comparison table showing rotation type and zero-downtime capability
• Added <Info> callout to 12 dual-phase provider docs indicating zero-downtime rotation
• Updated 4 single-instance provider docs with <Warning> callout explaining potential service interruptions
• Added FAQ entry explaining the difference between rotation types

Resolves SECRETS-99

Screenshots

N/A - Documentation only changes

Steps to verify the change

1. Navigate to the Secret Rotation Overview page
2. Verify the new "Single-Instance Rotation" section appears after "Implementation Considerations"
3. Verify the "Provider Rotation Types" table lists all 16 providers with their rotation type
4. Check a dual-phase provider doc (e.g., PostgreSQL) - should have an <Info> callout
5. Check a single-instance provider doc (e.g., Auth0) - should have a <Warning> callout

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

[linear]

SECRETS-99 Improve secret rotation docs: clarify single-instance vs dual-phase per provider

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR improves secret rotation documentation by clearly distinguishing between single-instance and dual-phase rotation strategies across all 16 supported providers.

Key Changes:

• Added "Single-Instance Rotation" section to overview.mdx explaining the difference between rotation types
• Added comprehensive "Provider Rotation Types" comparison table listing all 16 providers with their rotation capabilities
• Added <Info> callouts to 12 dual-phase provider docs (PostgreSQL, MySQL, MSSQL, MongoDB, OracleDB, Redis, AWS IAM, Okta, Azure, Databricks, DBT, OpenRouter) highlighting zero-downtime capability
• Updated 4 single-instance provider docs (Auth0, LDAP, Unix/Linux, Windows) from <Note> to <Warning> callouts to emphasize service interruption risks
• Added FAQ entry explaining the technical differences between rotation types

The documentation is now clear about which providers support zero-downtime rotation and which require maintenance windows. This helps users make informed decisions about auto-rotation configuration.

Confidence Score: 5/5

• This PR is completely safe to merge with zero risk
• Documentation-only changes that improve clarity and user understanding. All changes are consistent, well-structured, and accurately reflect the technical capabilities of each rotation provider. No code changes, no breaking changes, no security concerns.
• No files require special attention

Important Files Changed

Filename	Overview
docs/documentation/platform/secret-rotation/overview.mdx	Added Single-Instance Rotation section and Provider Rotation Types comparison table with FAQ entry explaining rotation types
docs/documentation/platform/secret-rotation/auth0-client-secret.mdx	Changed Note to Warning callout, updated to clarify single-instance rotation behavior and service interruption risks
docs/documentation/platform/secret-rotation/ldap-password.mdx	Changed Note to Warning callout, updated to clarify single-instance rotation behavior and service interruption risks
docs/documentation/platform/secret-rotation/postgres-credentials.mdx	Added Info callout indicating dual-phase rotation with zero-downtime capability