API Key Rotation Rollout — Strait Docs

Monitoring & Alerts OIDC Rollout RBAC Policy Rollout API Key Rotation Rollout AuthZ Incident Response

Operations

Zero-downtime key rotation process with grace periods.

Recommended Procedure

Rotate key with grace_period_minutes.
Deploy new key to all clients.
Observe traffic and auth failures.
Confirm no traffic uses old key.
Allow grace to expire (or explicitly revoke old key).

Verification

New key authenticates successfully.
Old key works only before grace_expires_at.
Audit events show api_key.rotate and any revoke actions.

Was this page helpful?

RBAC Policy Rollout

Safe rollout process for role inheritance, resource policies, and tag policies.

AuthZ Incident Response

Runbook for authentication and authorization incidents.

On this page

Recommended Procedure Verification