https://pact.io logo
Join Slack
Powered by
Hey, I have question about recommendations on hand...
# general
p
Hey, I have question about recommendations on handling secret key rotations. We have webhooks set up to call CI jobs as recommended to do verifications when contracts change. However, this is currently making the call using an API key that gets rotated every once in a while. What do people do in these situations? Its not feasible to go and update each webhook every time the key changes so I'm curious what the recommendation is from Pact.
m
We currently don’t have any vault integration, so I think automation is the key here (pun not intended 😉 )
the only suggestion I have would be to setup automation to create the webhooks in the first place (can be done via our CLI tools)
And when the secret changes, have the automation update the webhooks with the new secret
p
ok got it.
👍 1
is there any existing ticket or planned work for handling this directly from the broker itself?
im wondering if there is a way to do bulk updates if the webhook info was stored in a different way
m
is there any existing ticket or planned work for handling this directly from the broker itself?
not that I’m aware - what is the actual ask - vault integration?
p
vault integration and/or just brainstorming ideas of a way to do updates to multiple webhooks at once without creating an outside automation process that would need to iterate through every webhook to update
m
In Pactflow, we have secrets. These secrets could be updated, so any webhooks that use them would automatically use the new secret
We have considered vault integration for Pactflow, but it’s lower on the roadmap priority right now
If you do have suggestions (for the OSS broker) please do share at -> pact.canny.io
👍 1
Open in Slack
PreviousNext
Powered by