Closed sastels closed 3 weeks ago
PR for K1 -> K2,K1: https://github.com/cds-snc/notification-manifests/pull/1767
Done!
Tested:
Will leave in QA for a day to ensure prod has no issues
looks good. Will wait another week and then rotate a second time. This will remove the old key entirely. Note that waiting is needed to ensure that no notifications are signed with the old key.
We kicked out the old key secret on Thursday in both staging and production environments. We confirmed everything is working as expected. 👍
Description
As a Notify user I need the product to remain secure
WHY are we building?
Want to regularly change our secrets
WHAT are we building?
Rotating SECRET_KEY in prod
VALUE created by our solution
Security!
Steps
https://docs.google.com/document/d/1BkAkz45CVQRGQSNwN018beTebrbTUNpyTpGEaO7Clyc/edit#heading=h.e1u1x5vi3jgm
Step 0: Test the system before doing anything
Step 1: Rotate SECRET_KEY Assume that the current SECRET_KEY is K1 or K0,K1 Everything has been signed with K1 in the database and in transit K1 is being used for signing K0 (if it’s there) and K1 are used for verifying
Test:
Step 2: Resign database fields The database fields for old records have previously been signed with K1. New records are now being signed with K2
This reports what changes would be made. To actually resign
This will not resign the notifications. We will let the old notifications move to the history table over the next week.
Test:
Second rotation:
Acceptance Criteria
QA Steps