|
| 1 | +<!-- |
| 2 | +
|
| 3 | +@license Apache-2.0 |
| 4 | +
|
| 5 | +Copyright (c) 2025 The Stdlib Authors. |
| 6 | +
|
| 7 | +Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | +you may not use this file except in compliance with the License. |
| 9 | +You may obtain a copy of the License at |
| 10 | +
|
| 11 | + http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | +
|
| 13 | +Unless required by applicable law or agreed to in writing, software |
| 14 | +distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | +See the License for the specific language governing permissions and |
| 17 | +limitations under the License. |
| 18 | +
|
| 19 | +--> |
| 20 | + |
| 21 | +# Rotating GitHub Tokens |
| 22 | + |
| 23 | +> A guide for rotating GitHub Personal Access Tokens (PATs) used by the stdlib project. |
| 24 | +
|
| 25 | +This document outlines the process for rotating GitHub Personal Access Tokens (PATs) used by the stdlib project. |
| 26 | + |
| 27 | +## Frequency |
| 28 | + |
| 29 | +Tokens should be rotated every 90 days to maintain security best practices. |
| 30 | + |
| 31 | +## Procedure |
| 32 | + |
| 33 | +1. Sign into GitHub with the `stdlib-bot` account. Credentials are stored in BitWarden under the "GitHub stdlib-bot" item of the "stdlib" team vault. |
| 34 | + |
| 35 | +2. Go to <https://github.com/settings/personal-access-tokens> and <https://github.com/settings/tokens> to renew all tokens for 90 days. |
| 36 | + |
| 37 | +3. Note down all new token values. |
| 38 | + |
| 39 | +4. Update all the tokens in the "GitHub PAT Tokens" BitWarden item to their new values and update the "Expiration Date" custom field to the new expiration date. |
| 40 | + |
| 41 | +5. Update the respective tokens in the following repositories: |
| 42 | + - <https://github.com/stdlib-js/stdlib/settings/secrets/actions> |
| 43 | + - <https://github.com/stdlib-js/www-test-code-coverage/settings/secrets/actions> |
| 44 | + - <https://github.com/stdlib-js/www-status/settings/secrets/actions> |
| 45 | + - <https://github.com/stdlib-js/todo/settings/secrets/actions> |
| 46 | + |
| 47 | +## Notes |
| 48 | + |
| 49 | +- Ensure the new tokens have the same scope/permissions as the previous ones. |
| 50 | +- Verify all GitHub Actions are working correctly after the token rotation. |
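Review bot: Step 5 ("Update the respective tokens in the following repositories") never says which token goes into which secret, and the document nowhere lists the tokens themselves, so the Notes line "Ensure the new tokens have the same scope/permissions as the previous ones" cannot be checked by whoever performs the rotation. Suggest adding, before the Procedure, a list or table mapping each PAT (by its name in the "GitHub PAT Tokens" BitWarden item) to its required scope or fine-grained permissions and to the Actions secret name in each of the four repositories, so steps 2, 4 and 5 can be followed without guessing. Two further gaps in the procedure: steps 2 and 3 should say to copy each new value straight into the BitWarden item rather than "note down" values anywhere else, and there is no step after the verification in Notes that revokes the previous tokens at the two settings URLs from step 2, so superseded tokens stay valid until they expire; a final "6. Revoke the old tokens once all workflows pass" would close that window.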