There is no documented plan for credential rotation of GitHub App private keys. This applies to both `complytime-bot` (peribolos) and `safe-settings-bot` (safe-settings), and potentially other apps used across the org.
This should be addressed at scale rather than per-app:
- Define a rotation cadence (e.g., annual)
- Document the rotation procedure (generate new key, update secret, verify workflow, revoke old key)
- Consider automating rotation reminders
Context: PR #114 review feedback from @jpower432.
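As an added illustration (not code from this repo or either app), the following Python models the four-step procedure above as bookkeeping with a safety rule: the old key can only be revoked once a replacement key has been verified by a successful workflow run, and a cadence check produces the reminder list. App names match the issue; key labels, creation dates and the assumed annual cadence are constructed sample data.

```python
"""Rotation bookkeeping for GitHub App private keys (added example).

Models the procedure proposed in the issue: generate new key, update
secret, verify workflow, revoke old key. Key ids and dates are constructed.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed cadence taken from the issue's "e.g., annual" suggestion.
ROTATION_CADENCE = timedelta(days=365)


@dataclass
class AppKey:
    key_id: str            # label or fingerprint of the PEM key (constructed)
    created: date
    verified: bool = False  # a workflow run succeeded using this key
    revoked: bool = False


@dataclass
class GitHubApp:
    name: str
    keys: list = field(default_factory=list)

    def active_keys(self) -> list:
        return [k for k in self.keys if not k.revoked]

    def due_for_rotation(self, today: date, cadence: timedelta = ROTATION_CADENCE) -> bool:
        """True when every unrevoked key is at least one cadence old."""
        active = self.active_keys()
        return bool(active) and all(today - k.created >= cadence for k in active)

    def _key(self, key_id: str) -> AppKey:
        for k in self.keys:
            if k.key_id == key_id:
                return k
        raise KeyError(key_id)

    def generate_key(self, key_id: str, today: date) -> AppKey:
        # Step 1: record a freshly generated key (downloaded from the app's settings page).
        key = AppKey(key_id, today)
        self.keys.append(key)
        return key

    def mark_verified(self, key_id: str) -> None:
        # Steps 2-3: the secret was updated and a workflow run succeeded with the new key.
        k = self._key(key_id)
        if k.revoked:
            raise ValueError(f"{self.name}: {key_id} is revoked and cannot be verified")
        k.verified = True

    def revoke(self, key_id: str) -> None:
        # Step 4: refuse to revoke unless another active key has already been verified,
        # so a failed rotation never leaves the app without a working credential.
        old = self._key(key_id)
        others = [k for k in self.active_keys() if k.key_id != key_id and k.verified]
        if not others:
            raise RuntimeError(f"{self.name}: refusing to revoke {key_id}; no other verified key")
        old.revoked = True


def rotation_reminders(apps: list, today: date, cadence: timedelta = ROTATION_CADENCE) -> list:
    """Names of apps whose keys are all past the cadence (input for a reminder job)."""
    return sorted(app.name for app in apps if app.due_for_rotation(today, cadence))


def sample_inventory() -> list:
    # Constructed inventory: one verified key per app.
    return [
        GitHubApp("complytime-bot", [AppKey("key-2024-01", date(2024, 1, 15), verified=True)]),
        GitHubApp("safe-settings-bot", [AppKey("key-2024-09", date(2024, 9, 1), verified=True)]),
    ]


def rotation_drill(today_iso: str = "2025-02-01") -> dict:
    """Walk one app through the procedure and report the observable outcomes."""
    today = date.fromisoformat(today_iso)
    apps = sample_inventory()
    due_before = rotation_reminders(apps, today)
    bot = apps[0]
    new = bot.generate_key("key-2025-02", today)
    try:
        bot.revoke("key-2024-01")       # too early: new key not yet verified
        premature_blocked = False
    except RuntimeError:
        premature_blocked = True
    bot.mark_verified(new.key_id)       # workflow run passed with the new key
    bot.revoke("key-2024-01")           # now safe to revoke the old key
    return {
        "due_before": due_before,
        "premature_revoke_blocked": premature_blocked,
        "due_after": rotation_reminders(apps, today),
        "active": [k.key_id for k in bot.active_keys()],
    }


if __name__ == "__main__":
    print(rotation_drill())
```

The `revoke` guard is the point worth keeping in any real runbook: the old key stays valid until a workflow has actually succeeded with the new one, and the reminder list is derived from key age rather than from someone remembering a calendar entry.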