update

motdotla · motdotla · commit 7bef1ecb8823 · 2025-12-12T07:36:49.000-08:00
diff --git a/blog/_posts/2025-12-11-rotate-npm-tokens-with-dotenvx-ops.md b/blog/_posts/2025-12-11-rotate-npm-tokens-with-dotenvx-ops.md
@@ -6,11 +6,13 @@ image: "/assets/img/blog/blog-11.png"
 excerpt: "NPM's new short-lived tokens improve security, but they make rotation painful."
 ---
 
-**NPM's new short-lived tokens improve security, but they make rotation painful.** Every 90 days (or sooner) you have to manually create a fresh token, set it in your CI, and make sure nothing breaks. <sup><a href="#footnote1">1</a></sup>
+**NPM's new short-lived tokens** strengthen security, but they **make rotation painful.** Every 90 days (or sooner) you have to manually create a fresh token, set it in your CI, and make sure nothing breaks. <sup><a href="#footnote1">1</a></sup>
 
-It was a real problem for us. We publish <a href="https://www.npmjs.com/org/dotenvx">64 npm packages</a>, and rotating tokens across all of them by hand was not going to be sustainable. Every expiration meant touching dozens of pipelines and praying the next publish didn't fail. So we built a solution.
+<img src="https://github.com/user-attachments/assets/9868574d-2e81-4654-b4bc-b1c66df19784" />
 
-Introducing <a href="https://dotenvx.com/docs/ops/rotate">Dotenvx Rotate</a> — part of Dotenvx Ops.
+This was a real problem for us. We publish <a href="https://www.npmjs.com/org/dotenvx">64 npm packages</a>, and rotating tokens across all of them by hand was not going to be sustainable. Every expiration meant touching dozens of pipelines and praying the next publish didn't fail.
+
+So we built a solution. Introducing <a href="https://dotenvx.com/docs/ops/rotate">Dotenvx Rotate</a> - part of Dotenvx Ops.
 
 ## How It Works
 
