top | item 29101456

brokenwren | 4 years ago

I completely agree. But even at 15 or 30 days, it's too long. The only way to protect a key would be to rotate it every day or every hour.

detaro | 4 years ago

It's steps. E.g. if it's every 15 days, it at least pushes you to the point of automating it (HOPEFULLY) and the app managing it internally - that already helps against stupid shit like "someone put it in code/pushed a config file/... to a repo that later got compromised". Similarly, every X months is still a gain over keys sticking around many years. But yes, at the same time, if you get to have a reliable automated flow there is little reason to not run it with higher frequency.

brokenwren | 4 years ago

So, do you know of anyone that has written this type of thing up? I'd love to have some fodder when having these types of discussions. :)