Read about the obligatory security measures to take on a regular basis and when a Kyma organization member leaves the project.
All Secrets used in the Prow production cluster must be changed every six months. Follow the Prow secret management guidelines to create new Secrets. Once the new Secrets are ready, the External Secrets Syncer changes all Secrets in the Prow cluster automatically.
NOTE: The next Secrets change is planned for October 1, 2020.
Make sure that jobs do not include any Secrets that are available in the output as this can lead to severe security issues.
When a Kyma organization member with access to the Prow cluster leaves the project, take the necessary steps to keep Kyma assets secure.
Remove the person from the kyma-prow Google project immediately. Follow this document to revoke necessary access.
Change all Secrets that were valid when the person was a project member. Follow the Prow secret management guidelines to create new Secrets. Once the new Secrets are ready, the External Secrets Syncer changes all Secrets in the Prow cluster automatically.