Skip to content

chore: document credential rotation plan for GitHub Apps #139

Description

@marcusburghardt

There is no documented plan for credential rotation of GitHub App private keys. This applies to both complytime-bot (peribolos) and safe-settings-bot (safe-settings), and potentially other apps used across the org.

This should be addressed at scale rather than per-app:

  • Define a rotation cadence (e.g., annual)
  • Document the rotation procedure (generate new key, update secret, verify workflow, revoke old key)
  • Consider automating rotation reminders

Context: PR #114 review feedback from @jpower432.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    Priority

    None yet

    Effort

    None yet

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions