However it should be noted that if you've hard copied these values anywhere in your app those won't be updated. As a general practice you shouldn't do that and you should always pull them where possible from config.
On Tue, Apr 28, 2015 at 1:57 PM, Robbie Thng <[email protected]> wrote: > Yes, the config vars defined in their docs ( > https://devcenter.heroku.com/articles/sendgrid) are the ones they have > the power to rotate. > > On Tue, Apr 28, 2015 at 1:37 PM, semi-nube <[email protected]> > wrote: > >> That's good to know. Is it safe to assume Heroku will update our >> SendGrid password stored in our apps' config variables for us, then? >> >> Thanks. >> >> On Tuesday, April 28, 2015 at 1:24:56 PM UTC-7, Robbie wrote: >>> >>> Hi, >>> >>> We've been talking with Sendgrid about this since we found out. >>> >>> Part of using the add-on integration with Heroku means that the vendor >>> (in this case Sendgrid) are able to rotate the credentials on user apps >>> without informing the user if required, this would mean very little chance >>> of downtime for your app and a quick resolution with little worry. >>> >>> Sendgrid did not do this instantly due to further investigation on their >>> side, we have spoken to them this morning and they have assured us that >>> they will carry out the cred roll soon. We expect them to fulfill this and >>> if it is not done within a timely manner, or to a standard that we require >>> to assure us of customer protection then we will reach out to customers >>> separately. >>> >>> On Tue, Apr 28, 2015 at 11:49 AM, semi-nube <[email protected]> >>> wrote: >>> >>>> According to SendGrid's blog post here >>>> <https://sendgrid.com/blog/update-on-security-incident-and-additional-security-measures/?utm_content=buffer88081&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer>, >>>> users should reset their passwords due to a recent security breach where "a >>>> SendGrid employee’s account had been compromised by a cyber criminal and >>>> used to access several of our internal systems on three separate dates in >>>> February and March 2015." >>>> >>>> ...and from their status page: "If you have an account through one of >>>> our reseller partners, look for specific communication from that partner. >>>> Many partners like Heroku, Appdirect, Engineyard and Softlayer will make >>>> the update seamlessly on your behalf." >>>> >>>> I see no mention of this on the Heroku blog. What's the status of this >>>> situation at Heroku? >>>> >>>> -- >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Heroku" group. >>>> >>>> To unsubscribe from this group, send email to >>>> [email protected] >>>> For more options, visit this group at >>>> http://groups.google.com/group/heroku?hl=en_US?hl=en >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "Heroku Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> -- >> You received this message because you are subscribed to the Google >> Groups "Heroku" group. >> >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/heroku?hl=en_US?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "Heroku Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- -- You received this message because you are subscribed to the Google Groups "Heroku" group. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en --- You received this message because you are subscribed to the Google Groups "Heroku Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
