How do I rotate credentials for my Heroku add-on?


I want to follow security best practices for rotating my add-on's credentials but I am unsure how.


To update your add-on manifest password and sso_salt, follow the steps in this article:

If your add-on service adds config vars containing sensitive values (secrets, API keys, auth tokens, etc.) to customers’ apps, follow the steps in this article to rotate credentials for all sensitive config var values for all apps that have installed your add-on:

If your add-on service processes application logs (i.e., declares syslog_drain in the requires section of the manifest), and your log drain URLs contain sensitive information (secrets, credentials, tokens, etc.), follow these steps to rotate log drain URLs:

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support