I'm curious about how you all manage the rotation of security keys, like API keys. Is there a tool you use that sends reminders via Slack or email when a key is about to expire? Or do you just rely on setting calendar invites and crossing your fingers? I feel like there's gotta be a more efficient solution than just using a spreadsheet, but maybe I'm just overcomplicating things.
3 Answers
Delinea Secret Server is a solid option. It helps manage the secrets you need without a ton of hassle.
It’s really about setting up some sort of monitoring and automation. We use PRTG where we create sensors that notify us 90 days before a key expires, and then it becomes critical 30 days out, so no surprises there.
I automate the rotation with PasswordState. When you add a password, you can set it to auto-rotate at your defined interval. It runs a PowerShell script to update the password across all services linked to it, which is super convenient, especially when dealing with bulk password changes like when someone leaves the team.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures