Rotate Github App Private Keys#
Releng uses Github Apps for authentication in a variety of places. This page outlines how to rotate the private keys associated with a Github App that are used to generate an app installation token.
Steps to Rotate#
Open organizations/mozilla-releng and click
Editnext to the app you are rotating.
Scroll down to the
Private Keyssection and click the
Generate a private keybutton. This will prompt a download of the private key and associate the public key with the app.
Verify the downloaded private key matches the public key in Github by following these steps.
Update the appropriate places with the new private key:
releng-treescript- Key should go in relengworker SOPS (base64 encoded). E.g:
cat path/to/private-key.pem | base64 -w0 | xclip
Back in the app settings, press
Deleteon the old key(s) you are rotating.