Secrets and CI setup

Where GitHub Actions (or other runners) store Keys-related material, how rotation works, and when to use staging vs production-adjacent Keys projects for tests.

Parallels the Keys Staging and CI setup topic: name secrets consistently, document where each value comes from, and separate nightly from per-PR jobs if cost or flake demands it. Keys dashboard naming lives in Keys docs; for what the Testing runner reads from the job environment (e.g. RESTORMEL_GATEWAY_KEY), see Keys integration.

← Verification strategy · CI guide

Agent prompts

Optional: use these with a coding agent to implement this phase in your repo in a safe, gated sequence. Expand only when you need them.

  1. Inventory all GitHub Actions secrets used for Keys; map each to Keys dashboard concepts.
  2. Document rotation: who owns it, how often, and which jobs break if a secret expires.
  3. Propose staging vs prod Keys project usage for PR checks vs nightly full suites.