Saved February 14, 2026
Do you care about this?
This article outlines how to manage the recent change in NPM's token policy, which limits token validity to 90 days. It introduces a tool called github-update-secret that automates the process of updating access tokens across multiple GitHub repositories. While the long-term solution is to adopt OIDC, this tool provides a temporary fix.
If you do, here's more
NPM's decision to revoke long-lived tokens and limit new tokens to 90 days creates challenges for developers using GitHub Actions to publish projects. Many developers, including the author, rely on these tokens for automated release processes. The transition to short-lived tokens demands regular updates, which can be cumbersome without an efficient solution.
To manage token rotation effectively, the author created a tool called `github-update-secret`. This tool automates the process of updating secrets across multiple repositories. By authenticating with a GitHub token, it fetches a list of all repositories where the user has admin access. Then it checks for the specified secret and updates its value if found. This is particularly useful for those who haven't yet adopted OpenID Connect (OIDC) for trusted publishing, as they can continue using access tokens in the meantime.
In a practical example, the author successfully rotated their `NPM_TOKEN` across 27 repositories with a simple command. The process was quick, and by running the command with a debug flag, they could track which repositories were being updated in real time. While the transition to OIDC is the ultimate goal for long-term security, `github-update-secret` provides a necessary workaround to keep development workflows moving smoothly during this change.
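The rotation flow described above (list repos, keep those with admin rights, update the secret only where it already exists), as an added example in Python; it is not the `github-update-secret` tool's own code. It assumes a personal access token in `GITHUB_TOKEN`, the new value in `NEW_NPM_TOKEN` (both names chosen here), and PyNaCl for the libsodium sealed-box encryption the GitHub secrets API requires.

```python
import base64
import functools
import json
import os
import urllib.request

API = "https://api.github.com"

def github_request(token, method, path, body=None):
    """Minimal GitHub REST call; returns parsed JSON, or None for an empty body."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json",
        "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

def admin_repos(repos):
    """Keep only repos where the caller has admin rights (required to write secrets)."""
    return [r["full_name"] for r in repos if r.get("permissions", {}).get("admin")]

def seal_with_libsodium(public_key_b64, value):
    """Encrypt `value` to the repo's public key as a libsodium sealed box (PyNaCl)."""
    from nacl import encoding, public  # imported lazily so the logic is testable without it
    key = public.PublicKey(public_key_b64.encode(), encoding.Base64Encoder)
    return base64.b64encode(public.SealedBox(key).encrypt(value.encode())).decode()

def rotate_secret(request, repos, name, new_value, seal=seal_with_libsodium):
    """Overwrite `name` in each repo that already defines it; return the repos touched."""
    updated = []
    for repo in repos:
        existing = request("GET", f"/repos/{repo}/actions/secrets?per_page=100")
        if name not in {s["name"] for s in existing["secrets"]}:
            continue  # secret not defined here: leave the repo alone
        pk = request("GET", f"/repos/{repo}/actions/secrets/public-key")
        request("PUT", f"/repos/{repo}/actions/secrets/{name}",
                {"encrypted_value": seal(pk["key"], new_value), "key_id": pk["key_id"]})
        updated.append(repo)
    return updated

if __name__ == "__main__":  # first 100 repos only; page through for larger accounts
    request = functools.partial(github_request, os.environ["GITHUB_TOKEN"])
    repos = request("GET", "/user/repos?affiliation=owner,collaborator,organization_member&per_page=100")
    for repo in rotate_secret(request, admin_repos(repos), "NPM_TOKEN", os.environ["NEW_NPM_TOKEN"]):
        print("updated", repo)
```

Skipping repos that lack the secret mirrors the tool's "update only if found" behaviour, so a stray repo never gains a publishing credential it did not already have.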