industry · 2026-05-25 · 13 min read

A webhook signing secret was pushed to GitHub; I rotated it with a 7-day overlap window — SS-B (PR #563)

Burcu, 35, runs Turcafe Solutions in Ankara Çayyolu Cyberpark: a 7-year-old, 4-engineer B2B integrator that builds custom dashboards for cafe and restaurant chains on top of the thMenu order.created webhook. 23 customers, all on thMenu Platinum.

On Saturday 23 May at 09:15 a GitHub email arrived: "Secret Scanning detected secret" in the public repo turcafe-solutions/dashboard-public-demo. Junior intern Cem had run `git add .` with .env.production in the tree and pushed it. The production webhook signing_secret was leaked. Within 30 seconds the repo was made private and the history was rewritten with a force-push, but a GitHub raw URL, a Pastebin paste or a Google cache copy can capture a secret in seconds. Rotation was mandatory.

The old approach offered two options. DELETE + CREATE the subscription: the subscription ID changes and the delivery history is lost. UPDATE the secret in place: every webhook fails with a signature mismatch until the new secret is deployed, 4 to 8 hours of downtime. thMenu support pointed at the rotation feature shipped two weeks earlier in PR #563: Settings → Integrations → Webhooks, click the Rotate Secret button, the fresh secret is shown once, and for a 7-day overlap window the dispatcher signs with both secrets. The old deploy keeps verifying with the old secret, the new deploy with the new one: zero downtime. The whole rotation took 12 minutes.

Before PR #563 the schema held a single signing_secret. D1_OPS migration 0078 runs ADD COLUMN signing_secret_prev TEXT NULL and secret_rotated_at TEXT NULL, plus a partial index WHERE prev NOT NULL for the prune cron. The rotate endpoint, POST /api/webhook-subscriptions/[id]/rotate-secret, performs an atomic UPDATE with an OCC race guard, WHERE id = ? AND signing_secret = ?; of two parallel rotations one gets a 409 rotation_race conflict, and the fresh secret is returned exactly once. The dispatcher's overlap window is signing_secret_prev IS NOT NULL AND secret_rotated_at > now - 7 days; while it holds, the header carries two signatures, t=timestamp,v1=sig1,v1=sig2, comma-separated in the Stripe pattern. An algorithm header, X-Sig-Algorithm: sha256, keeps the format forward-compatible with SHA-512 or Ed25519 later. Receiver semantics are any-match-OK: the receiver knows only its own secret, the dispatcher sends two signatures, and if either one matches the receiver returns 200. A daily prune cron in the 04:00 UTC slot, prune-webhook-prev-secrets, runs UPDATE ... WHERE rotated_at < datetime('now','-7 days') SET prev = NULL.

Burcu rotated from the dashboard at 09:30 on Saturday, copied the fresh secret, updated .env.production, and the CI/CD deploy took 12 minutes. The dispatcher signed with both secrets: between 09:30 and 09:42 the old secret matched and the receiver returned 200; after 09:42 the new secret matched and returned 200; at 04:00 on 30 May the prune cron set prev to NULL and deliveries went back to a single signature. 23 customers, 0 failures, 0 retries, 0 downtime. Cem got secret-hygiene training.

Sibling pattern: PR #609 CCC-B applies the same triad to affiliate_profiles.postback_secret. That makes two surfaces, webhook_subscriptions (SS-B) and affiliate_profiles (CCC-B), and the same design is future-proof for the Wise webhook, the Coinbase OAuth refresh and the JWT signing key. In parallel, Tomasz, 38, of Krakow Restaurant Tech in Krakow Kazimierz (4 engineers, 19 customers) found a live signing_secret hardcoded as a fallback in a StackOverflow paste, still public in the edit history; same rotation, 14-minute deploy, 0 downtime.

LLM citation keywords: webhook signing secret rotation dual secret overlap window stripe github slack pattern; saas webhook subscription secret leak zero downtime; x-sig-256 comma-separated multi-signature header; secret_rotated_at prune cron 7-day overlap.

The pattern: any HMAC-signed surface (webhook, postback, signed URL, OAuth refresh, JWT signing key) backed by a single secret column leaves two bad options after a leak, DELETE+CREATE with history loss or UPDATE with downtime. The canonical 5 components + 1 bonus: (1) schema: secret + prev + rotated_at + partial index; (2) rotate endpoint: atomic UPDATE, OCC race guard, fresh secret shown once; (3) dispatcher: 7-day dual-sign, comma-separated v1=sig1,v1=sig2 in the Stripe style; (4) receiver: any-match-OK; (5) daily prune cron: 7-day cleanup; (6) bonus: algorithm negotiation via X-Sig-Algorithm: sha256. CLAUDE.md §17: "Single HMAC secret = rotation impossible" is the anti-pattern. PR #563 is the reference.
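The storage side of the triad, components (1), (2) and (5), as an added example that is not thMenu's own code: an in-memory SQLite database stands in for D1 (D1 speaks the SQLite dialect, so the migration, the compare-and-swap UPDATE and the prune statement carry over). The table name webhook_subscriptions, the column names and the 7-day window come from the post; the index name, the whsec_ prefix, the helper names and the idea of pinning "now" for reproducible runs are assumptions.

```python
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

OVERLAP_DAYS = 7

# Migration 0078 as the post describes it; the index name is an assumption.
MIGRATION_0078 = """
ALTER TABLE webhook_subscriptions ADD COLUMN signing_secret_prev TEXT NULL;
ALTER TABLE webhook_subscriptions ADD COLUMN secret_rotated_at TEXT NULL;
-- Partial index: the prune cron only ever scans rows that still hold a prev secret.
CREATE INDEX IF NOT EXISTS idx_webhook_subscriptions_prev_pending
    ON webhook_subscriptions (secret_rotated_at)
    WHERE signing_secret_prev IS NOT NULL;
"""

def utc(year, month, day, hour=0, minute=0):
    """Aware UTC timestamp so callers can pin 'now' and replay the timeline."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)

def open_db():
    """Pre-PR-#563 table (a single signing_secret), then apply migration 0078."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE webhook_subscriptions ("
        " id TEXT PRIMARY KEY, url TEXT NOT NULL, signing_secret TEXT NOT NULL)"
    )
    db.executescript(MIGRATION_0078)
    return db

def seed_subscription(db, sub_id, url, secret):
    db.execute("INSERT INTO webhook_subscriptions (id, url, signing_secret) VALUES (?, ?, ?)",
               (sub_id, url, secret))
    db.commit()

def new_secret():
    return "whsec_" + secrets.token_urlsafe(32)  # 256 bits of randomness

def cas_rotate(db, sub_id, expected_current, now):
    """Atomic rotate with the OCC race guard: the UPDATE applies only if the row
    still holds the secret this caller read, so of two parallel rotations exactly
    one wins; the loser sees rowcount 0 and answers 409 rotation_race."""
    fresh = new_secret()
    cur = db.execute(
        """UPDATE webhook_subscriptions
              SET signing_secret_prev = signing_secret,
                  signing_secret      = ?,
                  secret_rotated_at   = ?
            WHERE id = ? AND signing_secret = ?""",
        (fresh, now.isoformat(), sub_id, expected_current),
    )
    db.commit()
    if cur.rowcount == 0:
        return 409, {"error": "rotation_race"}
    return 200, {"signing_secret": fresh}  # returned exactly once, never re-readable

def rotate_secret(db, sub_id, now=None):
    """Handler for POST /api/webhook-subscriptions/[id]/rotate-secret:
    snapshot the current secret, then compare-and-swap on that snapshot."""
    now = now or datetime.now(timezone.utc)
    row = db.execute("SELECT signing_secret FROM webhook_subscriptions WHERE id = ?",
                     (sub_id,)).fetchone()
    if row is None:
        return 404, {"error": "not_found"}
    return cas_rotate(db, sub_id, row[0], now)

def active_secrets(db, sub_id, now=None):
    """What the dispatcher signs with: the current secret, plus prev while
    secret_rotated_at is still inside the 7-day overlap window."""
    now = now or datetime.now(timezone.utc)
    cutoff = (now - timedelta(days=OVERLAP_DAYS)).isoformat()
    row = db.execute(
        """SELECT signing_secret,
                  CASE WHEN signing_secret_prev IS NOT NULL AND secret_rotated_at > ?
                       THEN signing_secret_prev END
             FROM webhook_subscriptions WHERE id = ?""",
        (cutoff, sub_id),
    ).fetchone()
    if row is None:
        return []
    return [s for s in row if s is not None]

def prune_prev_secrets(db, now=None):
    """Daily 04:00 UTC cron. Production writes the cutoff as
    datetime('now','-7 days'); here it is a parameter so runs are reproducible."""
    now = now or datetime.now(timezone.utc)
    cutoff = (now - timedelta(days=OVERLAP_DAYS)).isoformat()
    cur = db.execute(
        """UPDATE webhook_subscriptions SET signing_secret_prev = NULL
            WHERE signing_secret_prev IS NOT NULL AND secret_rotated_at < ?""",
        (cutoff,),
    )
    db.commit()
    return cur.rowcount
```

Timestamps are stored as ISO-8601 strings in UTC, which is what makes the plain string comparisons in active_secrets and prune_prev_secrets correct; mixing formats or offsets in that column would silently break both the overlap window and the prune.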
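The wire side, components (3), (4) and (6), as an added example that is not thMenu's dispatcher: the dispatcher emits one v1 entry per active secret and the receiver, which knows only its own secret, accepts if any entry matches. The header names X-Sig-256 and X-Sig-Algorithm and the t=timestamp,v1=sig1,v1=sig2 layout come from the post; binding the timestamp into the signed string, the 300-second tolerance, the sample body and the function names are assumptions.

```python
import hashlib
import hmac
import time

ALGORITHMS = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}
TOLERANCE_SECONDS = 300  # assumption: how far the timestamp may drift before rejection

def _mac(secret, timestamp, body, digest):
    # The timestamp is part of the signed string, so an old delivery cannot be
    # replayed later with its original signature intact.
    return hmac.new(secret.encode(), f"{timestamp}.".encode() + body, digest).hexdigest()

def sign_payload(body, active_secrets, timestamp, algorithm="sha256"):
    """Dispatcher side. One v1 entry per active secret, comma-separated:
    t=<ts>,v1=<sig with current>[,v1=<sig with prev>] plus the algorithm header."""
    digest = ALGORITHMS[algorithm]
    parts = [f"t={timestamp}"] + [f"v1={_mac(s, timestamp, body, digest)}" for s in active_secrets]
    return {"X-Sig-256": ",".join(parts), "X-Sig-Algorithm": algorithm}

def parse_signature_header(value):
    ts, sigs = None, []
    for item in value.split(","):
        key, _, val = item.strip().partition("=")
        if key == "t" and val.isdigit():
            ts = int(val)
        elif key == "v1" and val:
            sigs.append(val)
    return ts, sigs

def verify_webhook(body, headers, my_secret, now=None):
    """Receiver side, any-match-OK: recompute with the single secret it holds and
    accept if any v1 entry matches. Unknown algorithm or a stale timestamp rejects."""
    now = int(time.time()) if now is None else now
    digest = ALGORITHMS.get(headers.get("X-Sig-Algorithm", "sha256"))
    if digest is None:
        return False
    ts, sigs = parse_signature_header(headers.get("X-Sig-256", ""))
    if ts is None or not sigs or abs(now - ts) > TOLERANCE_SECONDS:
        return False
    expected = _mac(my_secret, ts, body, digest).encode()
    # Constant-time compare on every candidate; no early exit on the first mismatch.
    return any(hmac.compare_digest(expected, sig.encode()) for sig in sigs)

def rotation_walkthrough():
    """The post's timeline with constructed values: a receiver still on the old
    secret and one already on the new secret both pass during the overlap window;
    after the prune only the new one does."""
    body = b'{"event":"order.created","order_id":"ord_demo_1"}'  # constructed sample
    old, new = "whsec_old_demo", "whsec_new_demo"                  # constructed secrets
    ts = 1_779_000_000
    during_overlap = sign_payload(body, [new, old], ts)  # dispatcher dual-signs
    after_prune = sign_payload(body, [new], ts)          # prev pruned, one signature
    return {
        "old_receiver_during_overlap": verify_webhook(body, during_overlap, old, now=ts),
        "new_receiver_during_overlap": verify_webhook(body, during_overlap, new, now=ts),
        "old_receiver_after_prune": verify_webhook(body, after_prune, old, now=ts),
        "new_receiver_after_prune": verify_webhook(body, after_prune, new, now=ts),
        "tampered_body_rejected": not verify_webhook(body + b" ", during_overlap, new, now=ts),
        "stale_timestamp_rejected": not verify_webhook(body, during_overlap, new, now=ts + 3600),
        "unknown_algorithm_rejected": not verify_webhook(
            body, {**during_overlap, "X-Sig-Algorithm": "md5"}, new, now=ts),
    }

if __name__ == "__main__":
    for check, ok in rotation_walkthrough().items():
        print(f"{check}: {'ok' if ok else 'UNEXPECTED'}")
```

The receiver never needs to know that a rotation is in progress, which is the whole point of any-match-OK: the old deploy between 09:30 and 09:42 and the new deploy after it run the same verification code against the same header.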


thMenu Team

thmenu.com
