This repository is home to the Operations Engineering's tools and utilities for managing, monitoring, and optimising software development processes at the Ministry of Justice.
This repository is defined and managed in Terraform.
User Need
As a member of the operations engineering team, I want to organise and secure the GitHub personal access tokens in the moj-operations-engineering-bot account, so that we can reduce risks, improve clarity, and align with best practices in token management.
Value
Properly managing these tokens will significantly reduce security risks by limiting their scope and improving their traceability. It will also streamline our processes by creating a clear and efficient method for future token creation and management.
Functional Requirements:
[ ] Assess if DNS_FORMS_CREATE_ISSUES Classic token in moj-operations-engineering-bot account can be replaced with a Fine-grained token and replace if possible.
Non-Functional Requirements:
[ ] Check how this token is used and if it is all within one org.
Acceptance Criteria:
[ ] Created new Fine-grained token in moj-operations-engineering-bot account following ADR 020, scope limited to repo, least permissions required, 1 year expiration, and follows naming convention.
[ ] Updated GitHub Secrets with new token in the repo, using naming convention.
[ ] Updated code with new GitHub Secrets name.
[ ] Tested the new token works.
[ ] Deleted DNS_FORMS_CREATE_ISSUES from moj-operations-engineering-bot account.
Notes:
See here for examples of replacing other Classic tokens with Fine-grained tokens