security credential handling, KMS support on private key
no plaintext of any credentials, strong encryption algorithm on passcode
trusted setup, use different credential on different account to avoid massive leakage
do not check-in any credentials into github (using gitguardian monitor)
network security check
network security assumes AWS is being used to set up the service.
load balancer ELB setup on backend - NA
SSL certificate auto-renewal - letsencrypt automated process
DDoS protection on load balancer, such as WAF
host static front end files on netlify/IPFS/S3
KMS setup for credentials
security group hardening for backend
whitelisted SSH access to jumphost only
expose service port to trusted network only
compute security
compute security is applicable to the VPS used to host the service.
up to date LTS OS image and security package updated
updated docker base image
sufficient machine spec for the service
user account protection, use separate accounts on testing/production environments
Operational Readiness Review (ORR)
ORR is used to make sure the service is launched with operational excellence in mind. The effort spent on ORR will reduce the further operational loads of the team and provide better service to end users.
deployment
use ansible to deploy the service
auto remove any credentials from remote host after deployment
use systemd service to launch service to avoid service interruption - NA - will have to monitor interruption of service and automatically attempt a restart
docker deployment - NA - all images are used locally
docker hub setup
docker build / image / process automation
database setup and security rule
need a process to backup the mongodb
db backup rules
no leakage of the service account
ansible-vault setup
encrypt all credentials and config files
private repo setup to save the encrypted files
infura project ID protection - NA
[] check if high limit account setup is needed for frontend
use different infura project ID for different service
continuous integration/deployment
canary: set up an automated testnet deployment using testnet docker image
release test
release tag/sign-off process
canary
travis build and automated test
integration with github release action
monitoring
uptimerobot monitoring
pagerduty integration
on-call rotation setup
monitor the availability of the service
monitor the availability of the frontend
monitor the availability of the backend
monitor service account balance on blockchain
pagerduty integration
use grafana dashboard to monitor
export prometheus metrics from the service
operation, documentation and maintenance
where is the runbook? architecture document
end user support
support email setup
discord/telegram support channel setup
FAQ
pop-up or inline help
restart process
how to restart the frontend? what's the proper process?
how to restart the backend? what's the proper process?
rollback/revert Process
what is the rollback or revert process?
emergency plan
how to pause the service in case of security breach?
take-down backend
contingency script to increase the threshold
refund process
what is the manual refund process?
We need to prepare for the launch of BTC bridge.
Let's create a checklist of the launch and operation readiness review.
This ticket is a placeholder, please fill in all the details below.
Security checklist
Security checklist covers source code security, network security, and compute security.
code security check
source code security check is the first step to follow during the development stage.