Process of Credentials Recycling

Created

Apr 8, 2022 8:17 AM

Department

Engineering

When should we recycle credentials?

The credentials should be recycled when they are exposed.
The exposing credentials can be done mistakenly by committing the particular credentials in the commit(GitHub) or some other version control. Example:

If the developer working in any public repository or any other Open Source project, unknowingly exposed the credentials in any of his commits, the code which he committed can be viewed by anyone, and he/she can misuse the credentials from which we exposed.
At this case, the credentials should be recycled.

The Credentials should be recycled when the developer loses the credentials. Example:

When the developer uses rails encrypted credentials feature, It needs a master key to encrypt the credentials.
When we lose the master key there is no way to recover our credentials back, if we don’t know what are the credentials we used to encrypt.

The Credentials should be recycled when we suspect any unauthorized person uses our credentials. Example:

If the monthly bill of our postmark is increased suddenly, we should run a diagnosis if some unwanted emails were gone, if it is confirmed then our credentials got exposed in any form.
At this stage process of recycling the credentials is the safe way. After following the above mentioned step, the better way to check how the keys got exposed if it is not found then recycling of credentials won’t help.

The Process of recycling the credentials is important when the developer quits the job, the one who works on that project may know the credentials which he worked.
He might misuse the credentials or accidentally he may use our project credentials in some other Open Source project.
In this case, it is safe to recycle the credentials at the time when the developer quits.

There are mainly three cases to be noticed at the time we regenerate the credentials

In the first case, we can generate new credentials, even though the old key will still be active.

In this case, we need to send an email to all the team members and the client to inform them that the key has been changed in this {product} in {project}. Then set a deadline to use the old key then ask the other team members and client to confirm is it ok to delete the old key within a week and a particular time. eg. 31/12/2019 at 10.00
If everyone accepts then the old key can be deleted on the date which you set.

In the second case we can only use one credential at a time, In this case, if we generate a new secret id or secret key we need to inform the other users who were using the old one because the old one became invalid if we generate the new credentials.

In this case, we need to send an email to all the team members and the client to inform them that the new key is going to be generated in this {product} which we using in this {project}. Then set a deadline to generate a new key and then ask the other team members and client to confirm to generate a new key within a week and a particular time. eg. 31/12/2019 at 10.00
If everyone accepts then generate the new key and share it with the team members and client.
Then the old credentials should be replaced by the new ones all over projects where we used.

In the third case if our key is exposed and if some hacker is using our key, in this type of case send an email to other team members and clients to inform them that we are going to generate a new key.
At last, we can generate a new key and replace them only at the time of emergency. Example:

If the hacker got our AWS access key and creates multiple servers in it, no problem you can still wait for other team members’ approval by sending an email.
But in this case when a hacker messes with our platform, and our platform goes down then only it's time to change the key without any prior notification. Example:

RazorPay has only one valid id and key at a time.
Secret keys are visible only at the time of key generation. If you have already generated your keys and do not remember your secret key, you will need to re-generate the keys from the Dashboard and replace them in your integration code.

To recycle the credentials just generate a new key and replace it everywhere in the project instead of the old one.

After replacing the new credentials with the old ones just test in the code whether the newly generated key works.

The major procedure to follow in the process of recycling the credentials is to remove the old key from the projects and from the third-party apps.
Deleting the old key from the third-party apps is important after generating the new one because the old keys still have access to the app. Example:

Postmarkapp will allow multiple keys to be inactive, if someone exposes some old key in any other open-source, the intruder can use the postmarkapp with our old key, It is safe to remove old keys from the apps and from the codebase.

In some other cases when we are testing the code base before deleting the old credentials after generating the new credentials, the function may work due to the old credentials, that’s why it's safe to test after deleting the old credentials too.

It's a good process to log the time and date of when we recycled the credentials in which project.
For this process, we can use Atlassian Confluence
Click on the + icon on the left side dashboard.
Then select the project name from the dropdown called select space.
After that select blank page options from the menu and click create button.
Then name the page as Log for recycling credentials. create a table with two columns and name them as Product name and Last changed date.
Then log the product name and the date when the key is changed.
Then go to the right side top corner of the page there you’ll find publish option click that option to display your changes in public.
So now we know when to recycle the credentials next time.