search

ministryofjustice / operations-engineering

This repository is home to the Operations Engineering's tools and utilities for managing, monitoring, and optimising software development processes at the Ministry of Justice. • This repository is defined and managed in Terraform
https://user-guide.operations-engineering.service.justice.gov.uk/
MIT License
14 stars 5 forks source link

Assess and limit the scope of each token #4548

Closed tamsinforbes closed 3 months ago

tamsinforbes commented 3 months ago

User Need

As a member of the operations engineering team, I want to organise and secure the GitHub personal access tokens in the moj-operations-engineering-bot account, so that we can reduce risks, improve clarity, and align with best practices in token management.

Value

Properly managing these tokens will significantly reduce security risks by limiting their scope and improving their traceability. It will also streamline our processes by creating a clear and efficient method for future token creation and management.

Functional Requirements:

Acceptance Criteria:

  1. All token reviewed and set with minimum scopes required for them to work as required.
tamsinforbes commented 3 months ago

This is happening as part of individual tickets.