add to rotate master key and parameters

Author: susanpann

src/pages/docs/administration/managing-infrastructure/rotate-master-key.md

@@ -23,6 +23,7 @@ Octopus [encrypts important and sensitive data](/docs/security/data-encryption)
 - Sensitive variable values, wherever you have defined them.
 - Sensitive values in your deployment processes, like the password for a custom IIS App Pool user account.
 - Sensitive values in your deployment targets, like the password for creating [Offline Drops](/docs/infrastructure/deployment-targets/offline-package-drop).
+- Sensitive values in your process templates, like the default value for a sensitive/password box parameter.
 
 ## Rotating the Master Key
 

src/pages/docs/platform-hub/process-templates/index.md

@@ -68,6 +68,7 @@ Process Templates can manage the following as parameters.
 - Generic OIDC Account
 - Google Cloud Account
 - Multi-line text box
+- Sensitive/password box
 - Single-line text box
 - Target Tags
 - Teams
@@ -90,12 +91,17 @@ You can set an optional default value for these parameters:
 - Multi-line text
 - Dropdown
 - Checkbox
+- Sensitive/password box
 - AWS Account
 - Azure Account
 - Generic OIDC Account
 - Google Cloud Account
 - Username Password Account
 
+:::div{.hint}
+The ability to add default values for Sensitive/password box parameters is available from **Octopus 2026.1**. Unlike the other parameters, sensitive default values are stored securely in the database with a unique GUID identifier. This identifier is used in the process template to reference the default sensitive value in the database. Because of this approach, sensitive default values are supported in CaC workflows. Scoping for Sensitive/password box parameters is not currently supported.
+:::
+
 You cannot set a default value for these parameters, they must be set inside a project:
 
 - Certificate