Private Operator docs, add info re rotating the keys

docs/guides/integration-options-private-operator.md

@@ -7,6 +7,7 @@ displayed_sidebar: docs
 
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator Integration Overview
 
@@ -93,6 +94,10 @@ For information about supported versions and deprecation dates, see [Private Ope
 
 <UpgradePolicy />
 
+## Keeping the Operator Key Secure
+
+<SnptRotatingTheKeys />
+
 ## Getting Started
 
 To get started as a Private Operator, follow these steps:

docs/guides/operator-guide-aks-enclave.md

@@ -10,6 +10,7 @@ displayed_sidebar: docs
 
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator for AKS Integration Guide
 
@@ -471,3 +472,7 @@ To upgrade, complete the following steps:
    ```
    kubectl get pods
    ```
+
+## Keeping the Operator Key Secure
+
+<SnptRotatingTheKeys />

docs/guides/operator-guide-aws-marketplace.md

@@ -11,6 +11,7 @@ displayed_sidebar: docs
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
 import AttestFailure from '../snippets/_private-operator-attest-failure.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator for AWS Integration Guide
 
@@ -359,6 +360,9 @@ The following table includes some additional commands that might help you manage
 | Runs one iteration of `logrotate` manually, without changing the scheduled interval. | `sudo logrotate -f /etc/logrotate.conf --force` |
 | Reloads `syslog-ng`. | `sudo /usr/sbin/syslog-ng-ctl reload` |
 
+## Keeping the Operator Key Secure
+
+<SnptRotatingTheKeys />
 
 ## UID2 Operator Error Codes
 

docs/guides/operator-guide-azure-enclave.md

@@ -10,6 +10,7 @@ displayed_sidebar: docs
 
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator for Azure Integration Guide
 
@@ -336,6 +337,10 @@ To upgrade, complete the following steps:
    for i in {0..COUNT}; az container delete --name uid-operator-OLD-VERSION-$i --resource-group {RESOURCE_GROUP} --yes
    ```
 
+## Keeping the Operator Key Secure
+
+<SnptRotatingTheKeys />
+
 ## UID2 Operator Error Codes
 
 The following table lists errors that might occur during a Private Operator's startup sequence.

docs/guides/operator-private-gcp-confidential-space.md

@@ -10,6 +10,7 @@ displayed_sidebar: docs
 
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator for GCP Integration Guide
 
@@ -532,6 +533,10 @@ If you previously set up a load balancer manually, you'll also need to update th
 ## Scraping Metrics
 The Private Operator for GCP exposes [Prometheus-formatted metrics](https://prometheus.io/docs/concepts/data_model/) on port 9080 through the /metrics endpoint. You can use a Prometheus-compatible scraper to collect and aggregate these metrics for your own needs.
 
+## Keeping the Operator Key Secure
+
+<SnptRotatingTheKeys />
+
 ## UID2 Operator Error Codes
 
 The following table lists errors that might occur during a Private Operator's startup sequence.

docs/snippets/_private-operator-rotating-the-keys.mdx

@@ -0,0 +1,8 @@
+<!-- Used by: all Private Operator guides plus intro: guides/operator-guide-aks-enclave.md, operator-guide-aws-marketplace.md, operator-guide-azure-enclave.md, operator-private-gcp-confidential-space.md, also integration-options-private-operator.md -->
+
+Here are some guidelines for keeping your operator key secure:
+
+- When you receive your operator key, store it in a secure location.
+- Keep track of all places where the key is used, so that if you need to rotate it you can do so quickly.
+- Establish a process for replacing the existing value with a new one if the key is compromised.
+- Rotate it on a regular cadence&#8212;for example, yearly&#8212;to help reduce the risk of the key being compromised.