enhancement: add history of when a given secret was changed to the secrets UI #5438
Comments
Is this a good-first-bug?
I see several ways we can achieve this.
Question is, if we implement 1. or 2. what other entities are worth being tracked? Roles? Worker pool configurations?
@escapewindow there's also an older ticket about quarantine #4343. It feels like we should implement a proper audit log for most of the entities. Maybe we can implement a single audit table for all (most) entities to log such events in the form of:
So we would be able to attach audit log to secrets, hooks, clients, roles, worker-pools, workers.
Another angle to this problem is using mozilla-history for this purpose.
A model here might be tc-admin, which uses a hash to represent secrets in the diff. Some considerations at the time were:
As for permissions, in the case of
Use case: Releng was asked if we knew when a given secret was last changed. We didn't, but Cloudops was able to retrieve this information from the logs.
This could be as simple as "this secret was last changed on `datestring`" (though we may have to store this information in the db if it's not there already). Bonus points for being able to view a history of the last `n` changes to a given secret, or being able to blame the `clientId` responsible.
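A sketch of the single audit table suggested in the comments, combined with the idea of representing a secret by a hash, added here as an example and not Taskcluster's or tc-admin's code. The table name, columns, action names, the keyed-hash choice and all sample client IDs and dates are assumptions made for illustration.

```python
import hashlib, hmac, sqlite3

AUDIT_KEY = b"constructed-demo-key"  # hypothetical; a real key lives in service config

def fingerprint(value: bytes) -> str:
    # Keyed hash: a bare SHA-256 of a short secret could be guessed by history readers.
    return hmac.new(AUDIT_KEY, value, hashlib.sha256).hexdigest()[:16]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE audit_history (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        entity_type TEXT NOT NULL,  -- 'secret', 'role', 'worker-pool', ...
        entity_id   TEXT NOT NULL,
        client_id   TEXT NOT NULL,
        action      TEXT NOT NULL,  -- created | updated | unchanged | deleted
        value_hash  TEXT,           -- NULL on delete; never the value itself
        created     TEXT NOT NULL)""")
    return db

def record_secret_write(db, name, value, client_id, when):
    # Compare against the latest row so a rewrite of the same value is visible as such.
    prev = db.execute("SELECT action, value_hash FROM audit_history WHERE entity_type="
                      "'secret' AND entity_id=? ORDER BY id DESC LIMIT 1", (name,)).fetchone()
    new_hash = fingerprint(value)
    if prev is None or prev[0] == "deleted":
        action = "created"
    else:
        action = "unchanged" if prev[1] == new_hash else "updated"
    db.execute("INSERT INTO audit_history (entity_type, entity_id, client_id, action,"
               " value_hash, created) VALUES ('secret', ?, ?, ?, ?, ?)",
               (name, client_id, action, new_hash, when))
    return action

def history(db, etype, eid, n=5):
    return db.execute("SELECT created, client_id, action FROM audit_history WHERE"
                      " entity_type=? AND entity_id=? ORDER BY id DESC LIMIT ?",
                      (etype, eid, n)).fetchall()  # last n rows, newest first

def last_changed(db, etype, eid):
    # Most recent write whose value actually differed from the one before it.
    return db.execute("SELECT created, client_id FROM audit_history WHERE entity_type=?"
                      " AND entity_id=? AND action != 'unchanged'"
                      " ORDER BY id DESC LIMIT 1", (etype, eid)).fetchone()

if __name__ == "__main__":  # constructed sample writes
    db, name = open_db(), "project/demo/token"
    for i, (val, who) in enumerate([(b"v1", "client-a"), (b"v1", "client-b"), (b"v2", "client-c")]):
        record_secret_write(db, name, val, who, f"2022-05-0{i + 1}T10:00:00Z")
    print(last_changed(db, "secret", name), history(db, "secret", name))
```

Because every write is recorded with its fingerprint, the history separates "who touched the secret" from "who changed its value" without the audit table ever holding the value.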