by kgeist
1250 days ago
> And rotation is hard: a lot of systems still don't support multiple keys, so rotation has to be very carefully tied to some form of blue-green deployment

Oh, just today I found out the previous team stored all secrets in git in multiple repositories, and now I need to rotate them all. They encrypted them eventually with sops but did not rotate them, so you can find everything in git history. The only solution I can come up with so far is to create new credentials and gradually migrate everyone to new secrets, and then delete the old ones. And there's still a chance we can forget something and something will break. I wish there was a button "rotate secrets"...

[1] https://www.gitguardian.com/monitor-internal-repositories-fo...
Disclaimer: I work for GitGuardian.