Add RUNBOOK instructions to check access tokens about to expire
Context
Closes #369 (closed)
What does this MR do?
Adds an entry to check whether tokens will expire in the next 30 days.
We use the op read
command (the 1password CLI tool) to get secrets from 1password directly
What's the plan to use it?
I'll add a reminder in Slack every month in the EP Slack channel.
This is the simple solution. I thought about creating a ruby script for this, as well as running it from the CI regularly, but:
- We need to write/maintain those
- Checking regularly will do nothing most of the times (assuming a 2-hour scheduled pipeline here)
- We need to again store credentials in CI variables, which I'm not a fan of (and this time, powerful-enough credentials to be able to fetch personal access tokens for
@gitlab-bot
project access tokens)
Please let me know if you see a better way of doing this!