Credential Rotation

Eventually you will need to rotate your credentials to make sure everything remains secure. This guide outlines best practices you can use to update the parameters ( aka inputs ) to your actions without disruption.

Why rotate credentials?

It is possible your credentials were leaked somehow, either by appearing in a errant log, or maybe a developer has left the team ... and it is just good practice to periodically rotate them. because security

How to rotate credentials

In order to update the inputs for a particular action we use the aio runtime action update command.

Copied to your clipboard
➜ aio runtime action update <action-name> --param <param-name> <param-value>
# here's a concrete version
➜ aio rt action update dx-excshell-1/generic -p=DEBUG silly
# you can specify multiple values in several ways
# firstly, just a list of key value pairs
➜ aio runtime action update <action-name> --param <param-name> <param-value> <param-name> <param-value> <param-name> <param-value>
# secondly, you can use the --param flag more than once .. here we use the shortened version -p
➜ aio rt action update <action-name> -p <param-name> <param-value> -p <param-name> <param-value> -p <param-name> <param-value>

Using a parameters file ( JSON )

You can also put your input values in a json file instead of typing them all into the command line. This applies to both aio runtime action update and aio runtime package update

Copied to your clipboard
# actionInputs.json
{
"actionCredential": "value from actionInputs.json"
}
➜ aio runtime action update <action-name> --param-file=<value>
# concrete example
➜ aio runtime action update dx-excshell-1/generic --param-file=actionInputs.json