As the GC Notify team, we need to be able to scan for and detect API keys in templates, and maybe SIN numbers? so that we can keep GC Notify secure and prevent API keys from being shared where they shouldn't.
Lana Stewart from DTO working on research for scanning feedback for things that need to be removed/redacted
WHY are we building?
We had an incident
WHAT are we building?
Scanning and an alert for API keys found in templates
VALUE created by our solution
More secure GC Notify
Description
As the GC Notify team, we need to be able to scan for and detect API keys in templates, and maybe SIN numbers? so that we can keep GC Notify secure and prevent API keys from being shared where they shouldn't.
Lana Stewart from DTO working on research for scanning feedback for things that need to be removed/redacted
WHY are we building? We had an incident WHAT are we building? Scanning and an alert for API keys found in templates VALUE created by our solution More secure GC Notify
Documentation and Artifacts
Incident report https://docs.google.com/document/d/15a9EKGuFTdPIHfhYPXt8xDg6DHBci451b7bdQB88pDs/edit#heading=h.gjdgxs
Acceptance Criteria
Given some context, when (X) action occurs, then (Y) outcome is achieved
[ ] Cypress UI tests if needed.
[ ] Generate appropriate log messages so that executions of this feature can be tracked
[ ] Can misuse of this feature cause harm? If yes, create an alert
[ ] Update the status of related findings, insights, and hypotheses on the Research Airtable
[ ] Once change/fix/feature is implemented, link relevant Airtable records to design artifacts (Figma)
A11y
Bilingualism
Privacy considerations
Security controls in place
Measuring success and metrics
QA Steps