SSH key rotation

From translatewiki.net
Jump to navigation Jump to search
  1. Generate a new key in /root/keyholder. Suggested naming convention is l10n-bot-YYYY. Protect the key with a passphrase and it it to the vault
  2. Make a commit like https://gerrit.wikimedia.org/r/c/translatewiki/+/881425
  3. Manually restart and arm keyholder-agent and keyholder-proxy
  4. Confirm that it works, the order of restarting can be fiddly
  5. Replace ssh key in all forges
  6. Remove the old key