Secret Rotation

This document lists every secret KubeArchive uses in its processes that requires rotation.

Secrets should be rotated each twice a year (each 6 months): * January * July

KubeArchive Organization

Organization Secrets

  • OCI_PASSWORD: password for the robot account named after the variable OCI_USERNAME. Go to the KubeArchive’s Quay Organization and regenerate the token for the appropiate robot.

  • KUBEARCHIVE_BOT_SECRET: to be done.

  • KUBEARCHIVE_RENOVATE_PRIVATE_KEY: private key for the bot named kubearchive-renovate. Go to the kubearchive-renovate app page and generate a new client secret.