SSH key rotation

  1. Generate a new key in /root/keyholder. Suggested naming convention is l10n-bot-YYYY. Protect the key with a passphrase and it it to the vault
  2. Make a commit like
  3. Manually restart and arm keyholder-agent and keyholder-proxy
  4. Confirm that it works, the order of restarting can be fiddly
  5. Replace ssh key in all forges
  6. Remove the old key