For key rotation, we use a shared database that acts as a synchronization primitive to decide on a race condition winner process that renews the token for the inactive slot well in advance, then swaps that slot into active use for everyone in the same environment. This means you need 2 slots per environment, so we ended up creating multiple duplicate applications so we could have 4 slots to allocate among 2 environments.