I thought that said nude, so that's significantly less worrying. On Tue, Apr 28, 2015 at 2:01 PM, semi-nube <[email protected]> wrote:
> Indubitably. Always pulling from config. I'm not as "Semi-nube" as I > used to be. ;) > > On Tuesday, April 28, 2015 at 1:58:47 PM UTC-7, Robbie wrote: >> >> However it should be noted that if you've hard copied these values >> anywhere in your app those won't be updated. As a general practice you >> shouldn't do that and you should always pull them where possible from >> config. >> >> On Tue, Apr 28, 2015 at 1:57 PM, Robbie Thng <[email protected]> wrote: >> >>> Yes, the config vars defined in their docs ( >>> https://devcenter.heroku.com/articles/sendgrid) are the ones they have >>> the power to rotate. >>> >>> On Tue, Apr 28, 2015 at 1:37 PM, semi-nube <[email protected]> wrote: >>> >>>> That's good to know. Is it safe to assume Heroku will update our >>>> SendGrid password stored in our apps' config variables for us, then? >>>> >>>> Thanks. >>>> >>>> On Tuesday, April 28, 2015 at 1:24:56 PM UTC-7, Robbie wrote: >>>>> >>>>> Hi, >>>>> >>>>> We've been talking with Sendgrid about this since we found out. >>>>> >>>>> Part of using the add-on integration with Heroku means that the vendor >>>>> (in this case Sendgrid) are able to rotate the credentials on user apps >>>>> without informing the user if required, this would mean very little chance >>>>> of downtime for your app and a quick resolution with little worry. >>>>> >>>>> Sendgrid did not do this instantly due to further investigation on >>>>> their side, we have spoken to them this morning and they have assured us >>>>> that they will carry out the cred roll soon. We expect them to fulfill >>>>> this >>>>> and if it is not done within a timely manner, or to a standard that we >>>>> require to assure us of customer protection then we will reach out to >>>>> customers separately. >>>>> >>>>> On Tue, Apr 28, 2015 at 11:49 AM, semi-nube <[email protected]> >>>>> wrote: >>>>> >>>>>> According to SendGrid's blog post here >>>>>> <https://sendgrid.com/blog/update-on-security-incident-and-additional-security-measures/?utm_content=buffer88081&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer>, >>>>>> users should reset their passwords due to a recent security breach where >>>>>> "a >>>>>> SendGrid employee’s account had been compromised by a cyber criminal and >>>>>> used to access several of our internal systems on three separate dates in >>>>>> February and March 2015." >>>>>> >>>>>> ...and from their status page: "If you have an account through one of >>>>>> our reseller partners, look for specific communication from that partner. >>>>>> Many partners like Heroku, Appdirect, Engineyard and Softlayer will make >>>>>> the update seamlessly on your behalf." >>>>>> >>>>>> I see no mention of this on the Heroku blog. What's the status of >>>>>> this situation at Heroku? >>>>>> >>>>>> -- >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Heroku" group. >>>>>> >>>>>> To unsubscribe from this group, send email to >>>>>> [email protected] >>>>>> For more options, visit this group at >>>>>> http://groups.google.com/group/heroku?hl=en_US?hl=en >>>>>> >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Heroku Community" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Heroku" group. >>>> >>>> To unsubscribe from this group, send email to >>>> [email protected] >>>> For more options, visit this group at >>>> http://groups.google.com/group/heroku?hl=en_US?hl=en >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "Heroku Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >> -- > -- > You received this message because you are subscribed to the Google > Groups "Heroku" group. > > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/heroku?hl=en_US?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "Heroku Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the Google Groups "Heroku" group. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en --- You received this message because you are subscribed to the Google Groups "Heroku Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
