[Security] Develop Secret Rotation Policy for OSSAfrica Infrastructure #14

@kurtiz

Description

Objectives

Draft a comprehensive Secret Rotation Policy that acts as the source of truth for all maintainers and contributors. The policy must balance security rigor with developer experience.

Requirements

The draft policy must cover the following:

  • Classification: Define distinct categories of secrets (e.g., Critical, High, Medium) based on impact.
  • Cadence: Establish rotation schedules for each category (e.g., 90 days vs. 365 days).
  • Procedures:
      • Guidelines for Automated Rotation (preferred).
      • Step-by-step protocols for Manual Rotation.
  • Incident Response: A clear "Break Glass" procedure for emergency rotation in case of a leak.
  • Audit: A process for verifying compliance.

Definition of Done (DoD)

  • Policy draft created and pushed to the repository (Governance or Security folder).
  • Review requested from the Core Team.
  • Feedback incorporated.
  • Policy merged and effectively communicated to all maintainers.

Labels: documentation (Improvements or additions to documentation), good first issue (Good for newcomers), security (Security-related issues or fixes)