HansMarcus01 opened a new pull request, #39116: URL: https://github.com/apache/beam/pull/39116

This pull request introduces automation for auditing and verifying Google Cloud service accounts that haven't been rotated using GitHub Actions. It adds a new workflow that detects keys generated outside the rotation system, updates the documentation to reflect this automation, and manages it through a GitHub Action to reflect the current status of the keys. These changes help ensure the rotation system is being used, which helps maintain a clean and secure environment.

## Automation and Workflow Integration:

- **Daily Scheduled Audit**: Added (`.github/workflows/beam_Infraestructure_AuditUnmanagedKeys.yml`), a new GitHub Action workflow scheduled to run daily to continuously monitor GCP service account keys.

## Documentation Updates:

- **GitHub Actions Integration**: Updated the README.md to document the new Unmanaged Keys Audit workflow and its daily scheduling.
- **Account Keys Features**: Added detailed descriptions of the new capabilities, including Unmanaged Key Detection, Stateful Security Alerts, and Self-Healing Resolution.
- **Announce Action Behavior**: Clarified how the `--action announce` flag handles general configuration errors versus critical security alerts (rogue keys).
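
A sketch of the kind of audit pass the description outlines (unmanaged key detection, stateful alerts, self-healing resolution), added here as an illustration and not code from this pull request. The key list is constructed in the shape of `gcloud iam service-accounts keys list --format=json`; the managed-ID inventory, the persisted alert state and every function name are assumptions.

```python
import json

# Constructed sample in the shape of `gcloud iam service-accounts keys list --format=json`.
SA = "projects/example-project/serviceAccounts/ci@example-project.iam.gserviceaccount.com"
LIVE_KEYS_JSON = json.dumps([
    {"name": f"{SA}/keys/aaa111", "keyType": "USER_MANAGED"},    # created by rotation
    {"name": f"{SA}/keys/bbb222", "keyType": "USER_MANAGED"},    # created out of band
    {"name": f"{SA}/keys/ccc333", "keyType": "SYSTEM_MANAGED"},  # Google-managed, ignored
])


def key_id(resource_name):
    """Return the trailing key ID of a full key resource name."""
    return resource_name.rsplit("/keys/", 1)[1]


def find_unmanaged(live_keys, managed_ids):
    """User-managed keys that the rotation system has no record of creating."""
    return sorted(
        key_id(k["name"])
        for k in live_keys
        if k.get("keyType") == "USER_MANAGED" and key_id(k["name"]) not in managed_ids
    )


def reconcile(open_alerts, unmanaged):
    """Compare this run with the alerts left open by the previous run.

    Returns (new, still_open, resolved): an alert is raised once per key,
    and it resolves on its own when the key no longer exists.
    """
    current = set(unmanaged)
    previous = set(open_alerts)
    return sorted(current - previous), sorted(current), sorted(previous - current)


def audit(live_keys_json, managed_ids, open_alerts):
    """One audit pass over a key listing; state is passed in and returned."""
    unmanaged = find_unmanaged(json.loads(live_keys_json), set(managed_ids))
    new, still_open, resolved = reconcile(open_alerts, unmanaged)
    return {"new": new, "open": still_open, "resolved": resolved}


if __name__ == "__main__":
    # Assumed state: rotation recorded aaa111; an alert for zzz999 is still open.
    print(audit(LIVE_KEYS_JSON, {"aaa111"}, {"zzz999"}))
```
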
