shaidar
commented
1 year ago What is referenced in our repos and we refer to as MAILGUN_KEY (ex. here) is in fact the "HTTP webhook signing key" and not the "Verification public key" which is being replaced by Mailgun's new API key management feature.
Based on looking through a few of our repos, we currently do not use that feature in Mailgun and rely on Django's validators for that functionality (example from mitxonline).
At this point, I don't believe there's anything for us to do on this issue.
Description/Context
Mailgun has added some new security features to its API keys. We should consider upgrading our keys.
Plan/Design
tbd