We'd like to upload the SSL private key and cert for *.allizom.org to a Heroku instance on behalf of a user request. Does Heroku implement this in a safe manner, such that once an SSL private key is uploaded, it cannot be downloaded by any admin?
Component: Operations Security (OpSec): Investigation → Investigation
Product: mozilla.org → Enterprise Information Security
Version: other → unspecified
Any update here?
Just heard back from Heroku. The ssl key actually ends up in an amazon ELB where it cannot be recovered. In addition they attest that no admin from Heroku has access to the private key before or after reaching the ELB.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.