# Legacy Integration Secret Rotation

Status: active customer action.

Production now requires a dedicated `SECRET_ENCRYPTION_KEY`. On startup it encrypts any legacy plaintext GitHub/Slack integration secrets and marks existing stored integration secrets for customer rotation. The mark stays until the owner resaves or removes the secret.
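
The startup behaviour described above, as an added Go example that is not the project's own code: it fails closed when `SECRET_ENCRYPTION_KEY` is missing or malformed, seals plaintext values, and flags them for rotation. The row shape, the `enc:v1:` prefix, the base64 key encoding, the choice of AES-256-GCM, and flagging only rows found in plaintext are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"strings"
)

// Integration is a hypothetical stored row; the "enc:v1:" envelope prefix is also assumed.
type Integration struct {
	Project, Secret string
	NeedsRotation   bool
}

const prefix = "enc:v1:"

// MigrateOnStartup fails closed without a valid key, seals each plaintext secret with
// AES-256-GCM and flags it for rotation. Sealed rows are skipped, so reruns are idempotent.
func MigrateOnStartup(keyB64 string, rows []Integration) (int, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil || len(key) != 32 {
		return 0, errors.New("SECRET_ENCRYPTION_KEY must be 32 bytes, base64-encoded")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return 0, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return 0, err
	}
	migrated := 0
	for i := range rows {
		if strings.HasPrefix(rows[i].Secret, prefix) {
			continue
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return migrated, err
		}
		ct := gcm.Seal(nonce, nonce, []byte(rows[i].Secret), nil) // nonce || ciphertext || tag
		rows[i].Secret = prefix + base64.StdEncoding.EncodeToString(ct)
		rows[i].NeedsRotation = true
		migrated++
	}
	return migrated, nil
}
```

The returned count is the number of rows that were found in plaintext, which is the figure worth writing to the audit log at startup.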

## Customer Steps

1. Open Projects.
2. For each project with a rotation warning, create a new Slack webhook or GitHub fine-grained token.
3. Paste the new value and save.
4. Delete the old Slack webhook or revoke the old GitHub token in the source system.
5. Confirm the warning disappears and the audit log records the integration update.
