@osiastedian
Collaborator

Implements automated encryption key rotation for 2FA secrets using a docker-compose sidecar container with cron scheduling.

Features:

  • Monthly automated key rotation (1st of month at 2 AM UTC)
  • Automatic API container restart after rotation
  • Comprehensive logging and audit trail
  • Docker socket access for container management
  • Configurable schedule via crontab

Files added:

  • docker/cron/Dockerfile: Cron container image
  • docker/cron/crontab: Monthly rotation schedule
  • docker/cron/rotate-key-cron.sh: Rotation script wrapper
  • docker/cron/docker-compose.cron.yml: Service definition
  • docker/cron/README.md: Setup and troubleshooting guide

Security:

  • Read-write access to .env.api for key updates
  • Read-only docker socket access for restarts
  • Automatic backups before rotation
  • Rotation logs persisted to host

Related to: Encryption key management implementation (CRIT-001)
