Risk R006: 💨 Runbook For Secrets in Operations Engineering Mono Repo

[connormaglynn]

User Need

As a member of Operations Engineering I want to be able to quickly understand the purpose, scope and how to rotate a given secret so that I can easily assess the impact of removing, amending or updating a secret. Also, so if a secret needs to be rotated, this can be done without too much thought.

Value

The operations-engineering repository hosts many secrets, for communicating with many third-party services across several processes.

Documenting the purpose and scope of each secret will help to identify "black box" secrets which are not easily understood by the team. Which should lead to further investigation in another ticket.

Documenting the appropriate rotation method for each secret will ensure minimal disruption when secrets are required to be rotated and help in automating the process in the future.

Functional Requirements:

• [ ] A new runbook has been created, describing the secrets held within the operations-engineering repository. Some ideas of what to detail in the runbook are (all these don't need to be included, list is given to generate initial ideas:
  • Purpose of the secret
  • Scope of the secret/permissions i.e. admin, read, write etc.
  • Current rotations method manual/automatic
  • Using an individual's Personal Access Token or using a Bot Account PAT?
  • Modernisation Platform Secret Rotation Guidance for an example of this type of runbook
• [ ] Secrets that are not well understood have been highlighted in the document, with a separate ticket to investigate further

Non-Functional Requirements:

• [ ] Runbook is easy to read and understand for someone with minimal knowledge of our tools and processes

Acceptance Criteria:

• [ ] A runbook has been created which gives sufficient details for someone to confidently/understand the risk of rotating a given secret within the operations-engineering repository.
• [ ] Where a secret takes too much time to understand, a separate ticket has been raised for further investigation - and the lack of understanding is highlighted in the runbook.

Notes:

• Some secrets may be deprecated, unused or not managed by us directly (Cloud Platform populate some secrets in the repository, for example). If it takes too much time to understand a secret, raise a separate ticket for it and highlight the lack of understanding in the runbook.
• We have secrets in other repositories as well - it would be good to understand these, but this is out of the scope of this ticket.

[tamsinforbes]

Rationalising GitHub Personal Access Tokens for MOJ-Operations-Engineering-Bot #4007

[tamsinforbes]

R006: 🔐 Secret Naming Standard in operations-engineering #4324