mozilla-services / autograph

Mozilla's digital signature service
https://hub.docker.com/r/mozilla/autograph/
Mozilla Public License 2.0

monitor and warn for unused keys and disable them after N days #137

Open g-k opened 6 years ago

g-k commented 6 years ago

refs: signing meetings notes for 2018-09-10 and https://bugzilla.mozilla.org/show_bug.cgi?id=1471730

First for autograph-edge, then for autograph, though this might need to wait on HSM migration in case ops are signing things locally.

jvehent commented 6 years ago

@ameihm0912 How hard would it be to do an inverse lastx in Hindsight and alert when a given event is not seen for 90 days?

jvehent commented 6 years ago

Or maybe that's something we do in Datadog? @milescrabill: any thoughts?

ameihm0912 commented 6 years ago

@jvehent it wouldn't be too bad, we'd just have a timer event that runs on an interval, scans the last time it was seen and creates an event if required
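
The "inverse last-seen" check discussed in this thread, sketched as an added example; it is not code from the thread, from autograph, or from Hindsight. The class and method names, the key ids and the sample events are all assumptions constructed for illustration; only the 90-day threshold comes from the discussion.

```python
from datetime import datetime, timedelta, timezone

UNUSED_AFTER = timedelta(days=90)  # threshold mentioned in the thread


class UnusedKeyMonitor:
    """Tracks when each signing key was last used; reports keys that went quiet."""

    def __init__(self, known_keys, started_at, unused_after=UNUSED_AFTER):
        # Seed every configured key with the monitor start time, so a key
        # that never produces a signing event still ages out and alerts.
        self.last_seen = {key_id: started_at for key_id in known_keys}
        self.unused_after = unused_after
        self.alerted = set()

    def process_event(self, key_id, ts):
        """Record one signing event (key id and timestamp taken from a log line)."""
        prev = self.last_seen.get(key_id)
        if prev is None or ts > prev:  # ignore late, out-of-order events
            self.last_seen[key_id] = ts
            self.alerted.discard(key_id)  # key is in use again: re-arm alert

    def timer_event(self, now):
        """Run on an interval; return (key_id, idle_days) once per idle period."""
        alerts = []
        for key_id, seen in sorted(self.last_seen.items()):
            idle = now - seen
            if idle >= self.unused_after and key_id not in self.alerted:
                self.alerted.add(key_id)
                alerts.append((key_id, idle.days))
        return alerts


def demo():
    # Constructed sample data: three hypothetical key ids and their events.
    t0 = datetime(2018, 9, 10, tzinfo=timezone.utc)
    mon = UnusedKeyMonitor(["key-a", "key-b", "key-c"], started_at=t0)
    mon.process_event("key-a", t0 + timedelta(days=80))
    mon.process_event("key-b", t0 + timedelta(days=5))
    first = mon.timer_event(t0 + timedelta(days=100))   # key-b, key-c idle
    second = mon.timer_event(t0 + timedelta(days=101))  # no duplicate alerts
    mon.process_event("key-b", t0 + timedelta(days=102))
    third = mon.timer_event(t0 + timedelta(days=200))   # key-a, key-b idle
    return first, second, third


if __name__ == "__main__":
    for batch in demo():
        print(batch)
```

Seeding the map from the configured key list is what makes the check "inverse": a key with zero events has no log line to trigger on, so the alert can only come from the timer.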