← knowledge.oriz.in

Secrets — envpact only, never in chat

policy policysecretssecurityenvpact

Secrets — envpact only, never in chat

The policy

Every credential the family uses is fetched from envpact at deploy time or build time; secrets never appear in source code, in chat transcripts, or in commit messages, and any leak triggers immediate revoke + rotate.

Scope

Rules

Exceptions

Annual review

Not on the annual cycle — secret rotation is event-driven (on leak, on credential expiry, on team change). The auth-setup runbook carries the rotation procedure.

Cross-refs