I just set up 22 projects and I’ve put an API key in each. It occurs to me that if I ever have to invalidate that access key/secret key, I’m going to have to go to 22 different projects to make the change. We’re microservice architecture, so before this is done, I’m going to have 200+ projects.
My question is:
a) What are best practices here? Should I have generated a new key pair for each build project? Or, should I have a different user for each build? How are people doing this?
b) Is there anyway to update credentials en masse?