Skip to content
varsafe
Esc
navigateopen⌘Jpreview
On this page

Operations Guide

Operational reference — secret rotation, version history and rollback, key management, audit events, retention, exports, and incident response.

Day-two operations for teams running on varsafe: rotating secrets, recovering from bad changes, managing keys and tokens, and getting audit data out. Procedures assume the role required for the action (roles reference).

Secret Rotation

Why Rotate?

  • Compromised credentials
  • Employee departure
  • Regular security hygiene
  • Compliance requirements

Rotation via Dashboard

Requires: developer role or above (owner/admin in protected environments).

  1. Navigate to Secrets
  2. Select the project and environment
  3. Click the rotate icon next to the secret
  4. Either let varsafe auto-generate a new value or enter one manually
  5. Review the preview step
  6. Confirm rotation

The old value is immediately replaced, and a secret.rotated audit event is recorded. Applications using varsafe run receive the new value on their next start.

Rotation via CLI

For scripted rotation, set the new value directly:

varsafe set DATABASE_URL "postgres://new-value" -p my-api -e production

Rotation Best Practices

CSV Export

  1. Navigate to Audit Log
  2. Apply any filters needed
  3. Click Export CSV

Alert-Worthy Events

Configurable alerting is not currently exposed in the dashboard — review the audit log (or feed exports into your SIEM) and watch for:

Compromised Account

Compromised API Token


Troubleshooting

Authentication required
varsafe login
Permission denied

Check:

  1. Team membership exists (and is not deactivated)
  2. The role permits the action (roles reference)
  3. The environment is not protected (developers get read-only access there; viewers none)
Project not found

Either:

  1. Create the project in the dashboard
  2. Use varsafe use to set context
  3. Specify with the -p flag
Rate limited

Wait and retry. If persistent:

  1. Check for automation running too frequently
  2. Contact support for a limit increase