diff --git a/cluster/prod/app/drone-ci/secrets.toml b/cluster/prod/app/drone-ci/secrets.toml
index 5bd98d0..ac07926 100644
--- a/cluster/prod/app/drone-ci/secrets.toml
+++ b/cluster/prod/app/drone-ci/secrets.toml
@@ -2,8 +2,8 @@
 
 [secrets."drone-ci/rpc_secret"]
 type = 'command'
-rotate = true
 command = 'openssl rand -hex 16'
+# don't rotate, it would break all runners
 
 [secrets."drone-ci/cookie_secret"]
 type = 'command'
@@ -13,6 +13,7 @@ command = 'openssl rand -hex 16'
 [secrets."drone-ci/db_enc_secret"]
 type = 'command'
 command = 'openssl rand -hex 16'
+# don't rotate, it is used to encrypt data which we would lose if we change this
 
 
 # Oauth config for gitea