Security Hygiene for the Current Cyber Threat Landscape

Protecting your PagerDuty account requires securing your API keys, enforcing strong password policies, and using up-to-date transport protocols. This article covers the recommended steps for each area.


Secure Your API Keys

  • Store API keys using a secrets management tool. Do not embed keys in source code or shared files.
  • Do not store API keys in your application's source control tree. Take extra care with public source control systems such as GitHub, and do not copy keys to public sites such as pastebin.
  • Rotate API keys periodically.
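
A check for keys that have already reached a source tree, as an added example (not PagerDuty's own code): PagerDuty's REST API sends the key in an `Authorization: Token token=<key>` header, so a literal value after `Token token=` in a tracked file is a committed key. The environment variable name `PAGERDUTY_API_KEY`, the reference prefixes treated as safe, and the sample lines are assumptions made for this example.

```python
import re

# PagerDuty's REST API authenticates with the header
#   Authorization: Token token=<API key>
# A literal value in that position is a key embedded in the file.
TOKEN_RE = re.compile(r"Token\s+token=(?P<value>[^\s\"'\\]+)")

# Assumed convention: values starting with $, {, < or % are references to a
# secret (shell variable, template, placeholder), not the secret itself.
REFERENCE_RE = re.compile(r"^[${<%]")


def redact(value):
    """Keep only enough of the value to locate it; never echo a full key."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "****"


def find_hardcoded_tokens(text):
    """Return (line_number, redacted_value) for each literal key in text."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            value = match.group("value")
            if not REFERENCE_RE.match(value):
                findings.append((number, redact(value)))
    return findings


# Constructed sample; the key on the first line is a made-up placeholder.
SAMPLE = '''\
headers = {"Authorization": "Token token=EXAMPLEKEY0000000000"}
headers = {"Authorization": f"Token token={os.environ['PAGERDUTY_API_KEY']}"}
curl -H "Authorization: Token token=$PAGERDUTY_API_KEY" https://api.pagerduty.com/users
curl -H 'Authorization: Token token=<YOUR_KEY>' https://api.pagerduty.com/users
'''

if __name__ == "__main__":
    for number, value in find_hardcoded_tokens(SAMPLE):
        print(f"line {number}: hard-coded API key {value}")
```

Only the first sample line is reported; the other three read the key from the environment or use a placeholder. A key found this way should be rotated, since removing it from the file does not remove it from repository history.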

Rotate an API Key

  1. Generate a new key from the administrative account.
  2. Update the new key in your applications and integrations.
  3. Remove the old key after all integrations have been updated.

📘 API Access Keys

For instructions on generating and managing API keys, see API Access Keys.


Use Strong Passwords

  • Use unique, secure passwords on all accounts.
  • Use a password manager to store passwords securely.
  • If your plan supports it, configure SSO on your account. See Single Sign-On.

Use TLS 1.2 or 1.3

  • Use TLS 1.2 or TLS 1.3 as your primary transport protocols. These versions provide modern authenticated encryption.

⚠️ Older TLS Versions

TLS 1.1 and earlier have publicly disclosed protocol vulnerabilities. Do not use these versions.