Rotating webhook secret

When: Webhook signatures may have been forged.

Impact: Webhook verification will use a new secret. Lowest-impact rotation.

  1. Update the HOLDEN_WEBHOOK_SECRET environment variable on the Holden container with a new value.

  2. Restart Holden:

    docker restart holden
  3. Update the webhook secret in GitHub/GitLab/etc. to match the new value.

No downtime required. Apps continue running normally.
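
The effect of each step on signature verification, as an added example that is not from the Holden project: it assumes Holden checks GitHub's `X-Hub-Signature-256` header (HMAC-SHA256 over the raw request body). Function names, the old secret and the payload are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def new_webhook_secret() -> str:
    """Return 32 random bytes as hex, a candidate value for HOLDEN_WEBHOOK_SECRET."""
    return secrets.token_hex(32)


def github_signature(secret: str, body: bytes) -> str:
    """Header value GitHub sends: 'sha256=' + hex HMAC-SHA256(secret, raw body)."""
    mac = hmac.new(secret.encode(), body, hashlib.sha256)
    return "sha256=" + mac.hexdigest()


def verify(secret: str, body: bytes, header: str) -> bool:
    """Constant-time comparison of the received header with the expected value."""
    return hmac.compare_digest(github_signature(secret, body), header)


def rotation_walkthrough(old_secret: str, body: bytes) -> dict:
    """Report which deliveries verify at each stage of the rotation."""
    new_secret = new_webhook_secret()              # value set in step 1
    sig_old = github_signature(old_secret, body)   # sender still on the old secret
    sig_new = github_signature(new_secret, body)   # sender after step 3
    return {
        "before_rotation": verify(old_secret, body, sig_old),
        # Receiver restarted with the new secret, sender not yet updated:
        "after_restart_sender_not_updated": verify(new_secret, body, sig_old),
        "after_step_3": verify(new_secret, body, sig_new),
        "new_secret_hex_chars": len(new_secret),
    }


if __name__ == "__main__":
    # Constructed sample values, not real secrets or payloads.
    sample_body = b'{"ref":"refs/heads/main"}'
    for stage, result in rotation_walkthrough("constructed-old-secret", sample_body).items():
        print(f"{stage}: {result}")
```

Under that assumption, deliveries signed with the old secret, including any an attacker forged with it, stop verifying as soon as the receiver uses the new value, and legitimate deliveries verify again once step 3 is done.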