diff --git a/changelog/pending/20221020--cli--allow-rotating-the-passphrase-non-interactively.yaml b/changelog/pending/20221020--cli--allow-rotating-the-passphrase-non-interactively.yaml new file mode 100644 index 000000000000..ced324469562 --- /dev/null +++ b/changelog/pending/20221020--cli--allow-rotating-the-passphrase-non-interactively.yaml @@ -0,0 +1,4 @@ +changes: +- type: feat + scope: cli + description: Allow rotating the passphrase non-interactively diff --git a/pkg/secrets/passphrase/manager.go b/pkg/secrets/passphrase/manager.go index ab764de8251f..9d492e204356 100644 --- a/pkg/secrets/passphrase/manager.go +++ b/pkg/secrets/passphrase/manager.go @@ -16,13 +16,13 @@ package passphrase import ( + "bufio" "context" cryptorand "crypto/rand" "encoding/base64" "encoding/json" "errors" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -225,7 +225,10 @@ func PromptForNewPassphrase(rotate bool) (string, secrets.Manager, error) { firstMessage = "Enter your new passphrase to protect config/secrets" if !isInteractive() { - return "", nil, fmt.Errorf("passphrase rotation requires an interactive terminal") + scanner := bufio.NewScanner(os.Stdin) + scanner.Scan() + phrase = strings.TrimSpace(scanner.Text()) + break } } // Here, the stack does not have an EncryptionSalt, so we will get a passphrase and create one @@ -286,7 +289,7 @@ func readPassphrase(prompt string, useEnv bool) (phrase string, interactive bool if err != nil { return "", false, fmt.Errorf("unable to construct a path the PULUMI_CONFIG_PASSPHRASE_FILE: %w", err) } - phraseDetails, err := ioutil.ReadFile(phraseFilePath) + phraseDetails, err := os.ReadFile(phraseFilePath) if err != nil { return "", false, fmt.Errorf("unable to read PULUMI_CONFIG_PASSPHRASE_FILE: %w", err) } diff --git a/pkg/secrets/passphrase/manager_test.go b/pkg/secrets/passphrase/manager_test.go index 49625e179774..6f8030cd5fdc 100644 --- a/pkg/secrets/passphrase/manager_test.go +++ b/pkg/secrets/passphrase/manager_test.go 
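Review bot: In the non-interactive branch of PromptForNewPassphrase, the results of `scanner.Scan()` and `scanner.Err()` are both ignored, so a closed or empty stdin, a read error, or a line over bufio.Scanner's default token limit all leave `phrase` as the empty string and the rotation proceeds with it. That makes a failed read indistinguishable from a deliberately empty passphrase, and secrets could end up re-encrypted under a passphrase the operator never supplied. I would return an error when `Scan()` reports false, as in the excerpt below; whether an empty line should also be rejected is a policy choice this hunk does not show. `strings.TrimSpace` also silently drops leading and trailing whitespace, which is worth a comment if the interactive and environment-variable paths do not trim the same way. The loop that `break` exits and the rest of the function lie outside the hunk.

```go
			scanner := bufio.NewScanner(os.Stdin)
			if !scanner.Scan() {
				// Scan() == false means EOF before any line, or a read/token-size error.
				if err := scanner.Err(); err != nil {
					return "", nil, fmt.Errorf("reading new passphrase from stdin: %w", err)
				}
				return "", nil, errors.New("no passphrase provided on stdin")
			}
			phrase = strings.TrimSpace(scanner.Text())
			// … unchanged: break out of the prompt loop …
```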
@@ -1,7 +1,6 @@ package passphrase import ( - "io/ioutil" "os" "strings" "testing" @@ -102,7 +101,7 @@ func TestPassphraseManagerCorrectPassfileReturnsSecretsManager(t *testing.T) { resetEnv := resetPassphraseTestEnvVars() defer resetEnv() - tmpFile, err := ioutil.TempFile("", "pulumi-secret-test") + tmpFile, err := os.CreateTemp("", "pulumi-secret-test") assert.NoError(t, err) defer os.Remove(tmpFile.Name()) _, err = tmpFile.WriteString("password")