Secret Rotation Policy
- Secure Storage: Secrets must be stored securely in encrypted formats. Learn more about GitHub Actions secrets here.
- Regular Rotation: All secrets, including passwords, API keys, and access tokens, must be rotated at least every 90 days or according to the guidelines provided by the respective service providers, such as Forest Client API.
- Notification and Alerts: Set up a notification and alert system to inform relevant stakeholders about upcoming secret rotations and possible application outages.
- Documentation: Maintain clear documentation outlining the procedures for secret rotation.
- Incident Response: Have procedures in place to handle any security incidents related to secrets, including procedures for revoking compromised secrets and implementing corrective measures.
- Continuous Improvement: Regularly review and update the secret rotation policy.
Welcome to Evergreen Team Wiki page.