Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rotate NewRelic license key #4580

Closed
1 task done
FuhuXia opened this issue Jan 5, 2024 · 4 comments
Closed
1 task done

Rotate NewRelic license key #4580

FuhuXia opened this issue Jan 5, 2024 · 4 comments
Labels
bug Software defect or bug compliance Relating to security compliance or documentation

Comments

@FuhuXia
Copy link
Member

FuhuXia commented Jan 5, 2024
edited
Loading

Date of report: 2024-01-05
Severity:
Due date: now

Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.

  • Analysis has been performed and an issue has been linked to address other occurrences for this class of vulnerability* (link)

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

NewRelic license key was compromised. Not a security risk but we d like to rotate it now.
@FuhuXia FuhuXia added compliance Relating to security compliance or documentation bug Software defect or bug labels Jan 5, 2024
@FuhuXia
Copy link
Member Author

FuhuXia commented Jan 5, 2024

Our NewRelic key is set as cf app environment valiable in three (prod, staging, development) management spaces.

@FuhuXia
Copy link
Member Author

FuhuXia commented Jan 5, 2024
edited
Loading

Added a new key named cloud.gov app log and used it for all cloud.gov logger shippers.
But the compromised one is the original account license key, per the doc, it can only be rotated by NR support.

https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#rotate-license-key

@FuhuXia
Copy link
Member Author

FuhuXia commented Jan 5, 2024

NR Case #00178894 was created to request key rotation.

@FuhuXia
Copy link
Member Author

FuhuXia commented Jan 8, 2024

NR supported completed the rotation of the original account license key. This ticket can be closed.

@FuhuXia FuhuXia closed this as completed Jan 8, 2024
@Jin-Sun-tts Jin-Sun-tts mentioned this issue Jan 8, 2024
Closed
12 tasks
@hkdctol hkdctol moved this from ✔ Done to 🗄 Closed in data.gov team board Jan 18, 2024
@FuhuXia FuhuXia mentioned this issue Jan 22, 2024
Closed
@FuhuXia FuhuXia mentioned this issue Jan 17, 2025
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Software defect or bug compliance Relating to security compliance or documentation
Projects
data.gov team board
Archived in project
Milestone
No milestone
Development

No branches or pull requests
1 participant
@FuhuXia