cds-snc/notification-planning

Automate revocation of GC Notify API keys detected in public github repos

Closed this issue · 2 comments

Description

As a Notify Security Dev, I need to be able to revoke an API key immediately if it is found in a public repo, so that I can ensure GC Notify isn't used by an unauthorized third party.

WHY are we building?

  • Increase the security of GC Notify

WHAT are we building?

  • API endpoint to automatically revoke an API key

VALUE created by our solution

  • Protect all of GC Notify by disabling API keys that were accidentally made public

Documentation and Artifacts

  • Create a secured/authenticated endpoint that allows for an API key to be revoked

Acceptance Criteria

  • GitHub or SRE is able to call this method when an API key is detected in a public repo
  • Generate an audit trail so invocations of this method can be tracked
  • Generate an alert when this method is called
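The handler sketched below is an added example of how the three acceptance criteria fit together in one endpoint; it is not GC Notify's code. It assumes a shared bearer secret for the caller (`REVOKE_SECRET`), an in-memory key store keyed by the SHA-256 of each key value, and list stand-ins for the audit trail and the alerting hook, all constructed for the example.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Hypothetical bearer secret shared with the caller (GitHub/SRE); constructed for this example.
REVOKE_SECRET = "constructed-revocation-secret"


def _fp(key_value: str) -> str:
    # Keys are looked up by hash so the plaintext never needs to be stored or logged.
    return hashlib.sha256(key_value.encode()).hexdigest()


# Stand-in key store (constructed): key fingerprint -> owning service and revoked flag.
API_KEYS = {
    _fp("gcntfy-leaked-example-key"): {"service": "svc-1", "revoked": False},
}
AUDIT_TRAIL = []  # one entry per invocation, successful or not (audit trail criterion)
ALERTS = []       # stand-in for the alerting hook (alert-on-every-call criterion)


def _authorized(token: str) -> bool:
    # Constant-time comparison so response timing does not leak the shared secret.
    return hmac.compare_digest(token, REVOKE_SECRET)


def revoke_leaked_key(key_value: str, token: str, caller: str, source: str) -> dict:
    """Revocation endpoint handler: authenticate, revoke, audit, alert."""
    entry = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "caller": caller,
        "source": source,               # e.g. the public repo reported by the scanner
        "key_fp": _fp(key_value)[:12],  # fingerprint only; the key itself is never logged
    }
    if not _authorized(token):
        entry["outcome"] = "denied"
        AUDIT_TRAIL.append(entry)
        ALERTS.append(f"unauthenticated revocation attempt from {caller}")
        return {"status": 403, "revoked": False}  # same reply whether or not the key exists
    record = API_KEYS.get(_fp(key_value))
    if record is None:
        entry["outcome"] = "unknown_key"
        AUDIT_TRAIL.append(entry)
        ALERTS.append(f"revocation requested for unknown key by {caller}")
        return {"status": 404, "revoked": False}
    already = record["revoked"]
    record["revoked"] = True  # idempotent: repeating a revocation is harmless
    entry["outcome"] = "already_revoked" if already else "revoked"
    AUDIT_TRAIL.append(entry)
    ALERTS.append(f"key {entry['key_fp']} of {record['service']} revoked; found in {source}")
    return {"status": 200, "revoked": True, "already_revoked": already}
```

Wiring this to a real route would also need rate limiting on the endpoint and a persistent audit sink, which the stand-ins above do not provide.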

Related Research Airtable records

  • (Ping Adrianne to add stuff here or find stuff yourself)

QA Steps

  • Tested in a realistic production scenario

@jzbahrai is this card redundant with the other one we have in progress now?

This is a replica of #1377, so we will shut this ticket.