Rotate all the secrets #442
Comments
|
Follow-ups:
|
|
@gerhard pretty close to done! I believe the Sentry auth token was set up by you and I couldn't find it anywhere from my account. It's only called from the |
|
Yes, I set up that integration: https://changelog-media.sentry.io/settings/developer-settings/
BUT I no longer have the necessary permissions to create a new integration. Can you assign me Manager permissions? Knowing how I roll, I would prefer Owner so that I don't hit any limitations in the future. Only @adamstac can do this according to https://changelog-media.sentry.io/settings/members/ |
|
You are now a Manager ✊ |
|
I have set up a new integration before realizing that I could have added a new token to the existing one. When you have a moment @adamstac, can you please delete sentry-release-on-app-start-2023-02-18 (requires Owner privileges). Actually, you can also delete sentry-release-on-app-start. FWIW 61f1dda |
|
I think that we can close this even though the FTR: https://api.slack.com/apps/AJLKS2NAV/incoming-webhooks & #418
|
This turned out to not be as useful in practice. When did we last track down issues by Sentry release? Not as far as I can remember. This also removes one more credential. Related to thechangelog#442 Signed-off-by: Gerhard Lazu <gerhard@changelog.com>
This turned out to not be as useful in practice. When did we last track down issues by Sentry release? Not as far as I can remember. This also removes one more credential. Related to #442 Signed-off-by: Gerhard Lazu <gerhard@changelog.com>
We used to keep our app secrets in LastPass. While we have migrated to 1Password part of #433, in light of Hackers stole encrypted LastPass password vaults, and we’re just now hearing about it, the only way to know for sure that our secrets are secure, we must rotate all credentials that we used to store in LastPass.
We will take this opportunity to see which services are no longer in use, and
DELETEthem.Used by
changelog-2022-03-13appBACKUPS_AWS_ACCESS_KEYDELETE, no longer usedBACKUPS_AWS_SECRET_KEYDELETE, no longer usedCOVERALLS_REPO_TOKENDELETE, no longer usedFASTLY_API_TOKENDELETE, no longer usedGRAFANA_API_KEYDELETE, no longer usedHCAPTCHA_SECRET_KEYDELETE, no longer usedHN_PASSDELETE, no longer usedHN_USERDELETE, no longer usedPLUSPLUS_SLUGno need to rotate thisPROMETHEUS_BEARER_TOKEN_PROM_EXDELETE, no longer usedRECAPTCHA_SECRET_KEYDELETE, no longer usedSENTRY_AUTH_TOKENDELETE, no longer usedENVsin 1PasswordBACKUPS_AWS_ACCESS_KEYDELETE, no longer usedBACKUPS_AWS_SECRET_KEYDELETE, no longer usedCOVERALLS_REPO_TOKENDELETE, no longer usedDNSIMPLE_ACCOUNTDELETE, no longer usedDNSIMPLE_TOKENDELETE, no longer usedFASTLY_API_TOKENDELETE, no longer usedGRAFANA_API_KEYDELETE, no longer usedGRAFANA_CLOUD_LOKI_PASSWORDDELETE, no longer usedGRAFANA_CLOUD_LOKI_USERNAMEDELETE, no longer usedGRAFANA_CLOUD_PASSWORDDELETE, no longer usedGRAFANA_CLOUD_PROMEXDELETE, no longer usedGRAFANA_CLOUD_REMOTE_WRITE_PASSWORDDELETE, no longer usedGRAFANA_CLOUD_REMOTE_WRITE_USERNAMEDELETE, no longer usedGRAFANA_CLOUD_USERNAMEDELETE, no longer usedGRAFANA_CLOUD_lke-prod-20200426DELETE, no longer usedGRAFANA_CLOUD_lke-prod-2021DELETE, no longer usedHCAPTCHA_SECRET_KEYDELETE, no longer usedHN_PASSDELETE, no longer usedHN_USERDELETE, no longer usedHONEYCOMB_API_KEYDELETE, only needed by FastlyLINODE_CLI_TOKENDELETE, no longer usedMETRICS_GITHUB_OAUTH_APP_CLIENT_IDDELETE, no longer usedMETRICS_GITHUB_OAUTH_APP_CLIENT_SECRETDELETE, no longer usedPG_DOTCOM_PASSDELETE, no longer usedPOSTGRES_PASSWORDDELETE, no longer usedPROMETHEUS_BEARER_TOKEN_PROM_EXDELETE, no longer usedRECAPTCHA_SECRET_KEYDELETE, no longer usedROLLBAR_ACCESS_TOKENDELETE, no longer usedSENTRY_AUTH_TOKENDELETE, no longer usedUPBOUND_CLOUD_USER_TOKENDELETE, no longer usedThe text was updated successfully, but these errors were encountered: