Strait Docs
Operations

Runbook for authentication and authorization incidents.

Common Incident Types

  • sudden 401 spike (token/key validation issues)
  • sudden 403 spike (RBAC/policy misconfiguration)
  • audit event write failures

Triage Checklist

  1. Check recent auth/RBAC deployments and config changes.
  2. Inspect 401/403 rates and top failing routes.
  3. Confirm OIDC issuer/audience and key material.
  4. Validate permission-cache behavior and invalidation events.
  5. Verify DB health for audit event writes.

Mitigation

  • Temporarily roll back OIDC/RBAC changes.
  • Reapply known-good role/policy snapshots.
  • If needed, use internal-secret path for emergency admin actions.
Was this page helpful?
Edit on GitHub

API Key Rotation Rollout

Zero-downtime key rotation process with grace periods.

Contributing

Guidelines for contributing to Strait project.

On this page

Common Incident TypesTriage ChecklistMitigation