Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Annual security review 2025: Secrets Management #1726

Open
4 tasks done
OlgaLiber2 opened this issue Jan 18, 2025 · 2 comments
Open
4 tasks done

Annual security review 2025: Secrets Management #1726

OlgaLiber2 opened this issue Jan 18, 2025 · 2 comments
Assignees
@ianliuwk1019
Labels
Tech Debt

Comments

@OlgaLiber2
Copy link
Collaborator

OlgaLiber2 commented Jan 18, 2025
edited by ianliuwk1019
Loading

Describe the task
For each release, ensure that any new secrets are added to the Secrets Registry.

Annually, review the Secrets Registry, ensure it is up to date, and ensure that credentials are being rotated at least annually.

Acceptance Criteria

  • Refer to item #9
  • Consult Secrets Registry to rotate (or regenerate)/add/remove credentials if needed to DEV -> TEST then PROD
  • Make sure Secrets Registry is up to date
  • Some credential update might be challenging, for example BCSC or IDIM, if that's the case, may need to create separate tickets for appropriate procedure for them to be updated if necessary.

Additional context

  • Maybe discuss the need of Secrets Registry for FOM and IDIM-Proxy?
  • Or here
@ianliuwk1019
Copy link
Collaborator

2025 rotation checklist added - https://apps.nrs.gov.bc.ca/int/confluence/display/FSAST1/Secrets+Rotation+-+2025 for the progress.

@ianliuwk1019 ianliuwk1019 self-assigned this Feb 10, 2025
@ianliuwk1019
Copy link
Collaborator

Most secrets were rotated for 2025.
Two tickets are created #1747 and #1759 to deal with database (AWS-Terraform) secrets and BCSC key separately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ianliuwk1019 ianliuwk1019

Labels
Tech Debt
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ianliuwk1019 @OlgaLiber2