Indubitably. Always pulling from config. I'm not as "Semi-nube" as I used to be. ;)
On Tuesday, April 28, 2015 at 1:58:47 PM UTC-7, Robbie wrote: > > However it should be noted that if you've hard copied these values > anywhere in your app those won't be updated. As a general practice you > shouldn't do that and you should always pull them where possible from > config. > > On Tue, Apr 28, 2015 at 1:57 PM, Robbie Thng <[email protected] > <javascript:>> wrote: > >> Yes, the config vars defined in their docs ( >> https://devcenter.heroku.com/articles/sendgrid) are the ones they have >> the power to rotate. >> >> On Tue, Apr 28, 2015 at 1:37 PM, semi-nube <[email protected] >> <javascript:>> wrote: >> >>> That's good to know. Is it safe to assume Heroku will update our >>> SendGrid password stored in our apps' config variables for us, then? >>> >>> Thanks. >>> >>> On Tuesday, April 28, 2015 at 1:24:56 PM UTC-7, Robbie wrote: >>>> >>>> Hi, >>>> >>>> We've been talking with Sendgrid about this since we found out. >>>> >>>> Part of using the add-on integration with Heroku means that the vendor >>>> (in this case Sendgrid) are able to rotate the credentials on user apps >>>> without informing the user if required, this would mean very little chance >>>> of downtime for your app and a quick resolution with little worry. >>>> >>>> Sendgrid did not do this instantly due to further investigation on >>>> their side, we have spoken to them this morning and they have assured us >>>> that they will carry out the cred roll soon. We expect them to fulfill >>>> this >>>> and if it is not done within a timely manner, or to a standard that we >>>> require to assure us of customer protection then we will reach out to >>>> customers separately. >>>> >>>> On Tue, Apr 28, 2015 at 11:49 AM, semi-nube <[email protected]> >>>> wrote: >>>> >>>>> According to SendGrid's blog post here >>>>> <https://sendgrid.com/blog/update-on-security-incident-and-additional-security-measures/?utm_content=buffer88081&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer>, >>>>> >>>>> users should reset their passwords due to a recent security breach where >>>>> "a >>>>> SendGrid employee’s account had been compromised by a cyber criminal and >>>>> used to access several of our internal systems on three separate dates in >>>>> February and March 2015." >>>>> >>>>> ...and from their status page: "If you have an account through one of >>>>> our reseller partners, look for specific communication from that partner. >>>>> Many partners like Heroku, Appdirect, Engineyard and Softlayer will make >>>>> the update seamlessly on your behalf." >>>>> >>>>> I see no mention of this on the Heroku blog. What's the status of >>>>> this situation at Heroku? >>>>> >>>>> -- >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Heroku" group. >>>>> >>>>> To unsubscribe from this group, send email to >>>>> [email protected] >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/heroku?hl=en_US?hl=en >>>>> >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Heroku Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Heroku" group. >>> >>> To unsubscribe from this group, send email to >>> [email protected] <javascript:> >>> For more options, visit this group at >>> http://groups.google.com/group/heroku?hl=en_US?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Heroku Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> > -- -- You received this message because you are subscribed to the Google Groups "Heroku" group. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en --- You received this message because you are subscribed to the Google Groups "Heroku Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
