generated from coulomb/repo-seed
46 lines
1.3 KiB
Markdown
46 lines
1.3 KiB
Markdown
# Pattern: Token Revocation Sweep
|
|
|
|
Status: seed
|
|
Readiness target: RL3 production
|
|
Primary owners: NetKingdom, key-cape, flex-auth
|
|
Genesis family: Detection and response
|
|
|
|
## Problem
|
|
|
|
Credential compromise requires quickly invalidating related tokens,
|
|
sessions, keys, leases, and grants across multiple systems.
|
|
|
|
## Context
|
|
|
|
Use this pattern for user compromise, agent compromise, tenant incident,
|
|
OpenBao lease revocation, object-storage session exposure, and SSH
|
|
certificate containment.
|
|
|
|
## Forces
|
|
|
|
- Tokens may be issued by different systems.
|
|
- Some credentials expire naturally but still need immediate revocation.
|
|
- Revocation must target scope without disabling unrelated tenants.
|
|
- Audit and evidence must survive the sweep.
|
|
|
|
## Solution
|
|
|
|
Define revocation sweep procedures that identify affected actor, tenant,
|
|
credential class, session, lease, key, and token families, then revoke or
|
|
expire them through owning systems.
|
|
|
|
## Verification
|
|
|
|
- Sweep inputs can target actor, tenant, session, token class, and time
|
|
window.
|
|
- Revoked credentials fail at enforcement points.
|
|
- Sweep actions are logged with reason and operator.
|
|
- Follow-up rotation and user communication are tracked.
|
|
|
|
## Related Patterns
|
|
|
|
- Short-lived Credentials.
|
|
- Dynamic Secrets.
|
|
- STS Credential Vending.
|
|
- Incident Runbook Library.
|