Closed sastels closed 3 weeks ago
Added a script to expire passwords to the attic
Instructions for rotating DANGEROUS_SALT modified.
PR to rotate staging DANGEROUS_SALT https://github.com/cds-snc/notification-manifests/pull/1728
Still in progress, testing the salt change in staging today.
rotated in staging, passwords were expired, all worked as expected.
Description
As a Notify dev, I need to be able to test our DANGEROUS_SALT rotations
WHY are we building?
Want to precisely document the steps for rotating DANGEROUS_SALT and ensure that it's fully tested
WHAT are we building?
Steps for rotating the DANGEROUS_SALT and testing along the way
VALUE created by our solution
We can confidently rotate in production
Acceptance Criteria
DANGEROUS_SALT
usage documentation in corresponding ADR. Make sure it is up to date. Verify that the only usage is for salting passwords before hashing:QA Steps
Apply the plan for rotation as described in the document and perform the following steps for testing.