Commit 3bea7cc

docs: add steps for rotating GitHub tokens
---
type: pre_commit_static_analysis_report
description: Results of running static analysis checks when committing changes.
report:
  - task: lint_filenames
    status: passed
  - task: lint_editorconfig
    status: passed
  - task: lint_markdown
    status: passed
  - task: lint_package_json
    status: na
  - task: lint_repl_help
    status: na
  - task: lint_javascript_src
    status: na
  - task: lint_javascript_cli
    status: na
  - task: lint_javascript_examples
    status: na
  - task: lint_javascript_tests
    status: na
  - task: lint_javascript_benchmarks
    status: na
  - task: lint_python
    status: na
  - task: lint_r
    status: na
  - task: lint_c_src
    status: na
  - task: lint_c_examples
    status: na
  - task: lint_c_benchmarks
    status: na
  - task: lint_c_tests_fixtures
    status: na
  - task: lint_shell
    status: na
  - task: lint_typescript_declarations
    status: na
  - task: lint_typescript_tests
    status: na
  - task: lint_license_headers
    status: passed
---
1 parent ca3d958 commit 3bea7cc

1 file changed

+50
-0
lines changed

@@ -0,0 +1,50 @@
1+
<!--
2+
3+
@license Apache-2.0
4+
5+
Copyright (c) 2025 The Stdlib Authors.
6+
7+
Licensed under the Apache License, Version 2.0 (the "License");
8+
you may not use this file except in compliance with the License.
9+
You may obtain a copy of the License at
10+
11+
http://www.apache.org/licenses/LICENSE-2.0
12+
13+
Unless required by applicable law or agreed to in writing, software
14+
distributed under the License is distributed on an "AS IS" BASIS,
15+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+
See the License for the specific language governing permissions and
17+
limitations under the License.
18+
19+
-->
20+
21+
# Rotating GitHub Tokens
22+
23+
> A guide for rotating GitHub Personal Access Tokens (PATs) used by the stdlib project.
24+
25+
This document outlines the process for rotating GitHub Personal Access Tokens (PATs) used by the stdlib project.
26+
27+
## Frequency
28+
29+
Tokens should be rotated every 90 days to maintain security best practices.
30+
31+
## Procedure
32+
33+
1. Sign into GitHub with the `stdlib-bot` account. Credentials are stored in BitWarden under the "GitHub stdlib-bot" item of the "stdlib" team vault.
34+
35+
2. Go to <https://github.com/settings/personal-access-tokens> and <https://github.com/settings/tokens> to renew all tokens for 90 days.
36+
37+
3. Note down all new token values.
38+
39+
4. Update all the tokens in the "GitHub PAT Tokens" BitWarden item to their new values and update the "Expiration Date" custom field to the new expiration date.
40+
41+
5. Update the respective tokens in the following repositories:
42+
- <https://github.com/stdlib-js/stdlib/settings/secrets/actions>
43+
- <https://github.com/stdlib-js/www-test-code-coverage/settings/secrets/actions>
44+
- <https://github.com/stdlib-js/www-status/settings/secrets/actions>
45+
- <https://github.com/stdlib-js/todo/settings/secrets/actions>
46+
47+
## Notes
48+
49+
- Ensure the new tokens have the same scope/permissions as the previous ones.
50+
- Verify all GitHub Actions are working correctly after the token rotation.
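Review bot: step 2 says to "renew all tokens for 90 days" but the procedure never states what happens to the previous token values; if renewal means creating new tokens rather than regenerating the existing ones in place, add a final step to revoke the old tokens once step 5 and the verification in Notes are complete, otherwise the superseded credentials remain valid until their original expiry. Step 3, "Note down all new token values," invites copying secrets to scratch locations; suggest merging it into step 4 as "Paste each new token value directly into the 'GitHub PAT Tokens' BitWarden item" so the values never exist outside the vault and the repository secrets. Step 5 lists four repository URLs but not which secret name in each repository corresponds to which token; listing the secret names beside each URL would let someone other than the original author complete the rotation without guessing.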
