Rotate Github App Private Keys#
Releng uses Github Apps for authentication in a variety of places. This page outlines how to rotate the private keys associated with a Github App that are used to generate an app installation token.
Steps to Rotate#
Open organizations/mozilla-releng and click
Edit
next to the app you are rotating.Scroll down to the
Private Keys
section and click theGenerate a private key
button. This will prompt a download of the private key and associate the public key with the app.Verify the downloaded private key matches the public key in Github by following these steps.
Update the appropriate places with the new private key:
releng-treescript
- Key should go in relengworker SOPS (base64 encoded). E.g:cat path/to/private-key.pem | base64 -w0 | xclip
Back in the app settings, press
Delete
on the old key(s) you are rotating.