diff --git a/src/cli.rs b/src/cli.rs
index 5113e10..1f1ff15 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -40,7 +40,14 @@ pub(crate) struct BaseArgs {
 pub(crate) struct RotateArgs {
     #[clap(flatten)] // Inherit arguments from BaseArgs
     pub(crate) base: BaseArgs,
-    // Additional arguments for rotation (if any) can be added here.
+
+    /// Whether the CLI should write a recovery log (contains sensitive information!) or not
+    #[clap(short, long, default_value = "20")]
+    pub(crate) password_length: i8,
+
+    /// Whether the CLI should write a recovery log (contains sensitive information!) or not
+    #[clap(short, long)]
+    pub(crate) write_recovery_log: bool,
 }
 
 /// Arguments specific to the `init-vault` subcommand.
diff --git a/src/config.rs b/src/config.rs
index 965fdb0..8b40491 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,6 +1,6 @@
+use log::debug;
 use serde::Deserialize;
 use std::{fs::File, io::Read, path::PathBuf};
-use log::debug;
 
 #[derive(Deserialize, Debug)]
 pub(crate) struct Config {
diff --git a/src/main.rs b/src/main.rs
index 990b7ff..4fb1fb4 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -6,10 +6,12 @@ use config::Config;
 use crate::cli::{CliArgs, Command};
 use crate::config::read_config;
 use crate::vault::Vault;
+use crate::workflow::switch_active_users;
 
 mod cli;
 mod config;
 mod vault;
+mod workflow;
 
 fn main() {
     init_logger();
@@ -22,7 +24,11 @@ fn main() {
             let mut vault: Vault = Vault::connect(&config);
             vault.init_secret_path()
         }
-        Command::Rotate(_) => {}
+        Command::Rotate(rotate_args) => {
+            let config: Config = read_config(rotate_args.base.config_path);
+            let vault: Vault = Vault::connect(&config);
+            switch_active_users(&config, &vault)
+        }
     }
 }
 
diff --git a/src/vault.rs b/src/vault.rs
index 9225d04..a236dd3 100644
--- a/src/vault.rs
+++ b/src/vault.rs
@@ -1,6 +1,6 @@
-use std::env;
 use log::info;
 use serde::{Deserialize, Serialize};
+use std::env;
 use tokio::runtime::{Builder, Runtime};
 use vaultrs::client::{VaultClient, VaultClientSettingsBuilder};
 use vaultrs::kv2;
diff --git a/src/workflow.rs b/src/workflow.rs
new file mode 100644
index 0000000..747c545
--- /dev/null
+++ b/src/workflow.rs
@@ -0,0 +1,4 @@
+use crate::config::Config;
+use crate::vault::Vault;
+
+pub(crate) fn switch_active_users(config: &Config, vault: &Vault) {}