Hacker News new | ask | show | jobs
by gleenn 50 days ago
After the Vercel hosting compromise and having to rotate a ton of keys recently, we are definitely implementing automated rotation of short lived keys. That was super painful.
1 comments
XCSme 49 days ago
But how do you do that without also having a long-lived key or access token to those services?
link
noAnswer 49 days ago
The long-lived credentials life inside a stripped down machine. Cron/lego/Ansible handles the renewal. The machines on the edge can't renew their keys themselves.
link
XCSme 49 days ago
Oh, this makes sense, so instead of "the app is rotating its keys" is more like "the keys in our app are being rotated by an external service".
link