david.delagneau/fidelity-ai-workspace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
73166b585fe2a25dea248ff4d621953a80b1d497
fidelity-ai-workspace/project-knowledge/02-work-items/pdiap-11961.md
david.delagneau 2a234701c5 Update work items and daily logs for project fidelity 
- Updated work items with new statuses, notes, and dependencies:
  - `PDIAP-15838` moved to Done, draft PR remains unmerged.
  - `PDIAP-15836` status updated to backlog-ready, sequenced after `PDIAP-15838`.
  - `PDIAP-12284` reopened for UIKit removal, dependency for `PDIAP-15836`.
  - Added new backlog items: `PDIAP-11961`, `PDIAP-11962`, `PDIAP-11562`, `PDIAP-12226`, `PDIAP-12227`, `PDIAP-12228`.
- Completed `PDIAP-16167`, documented findings in Confluence.
- Created daily log for 2026-05-05 summarizing work item updates and backlog triage.
- Added diagnostic script for workspace analysis.
2026-05-05 15:54:45 -06:00

1.5 KiB
Raw Blame History

type, project, status, ticket, title, systems, workstreams, people, related, updated, tags
type project status ticket title systems workstreams people related updated tags
work-item fidelity backlog PDIAP-11961 Remediation of Exposed Secrets in XFlow iOS SDK - Request for Rotation/Invalidation
xflowsdk
security
backlog-triage
jeff-dewitte
pdiap-11962
2026-05-05
work-item
fidelity
security

PDIAP-11961 - Remediation of Exposed Secrets in XFlow iOS SDK - Request for Rotation/Invalidation

Status

  • Backlog item; not assigned yet.
  • Jeff relayed that this is not a priority yet, but asked David to keep the details noted for future reference.

Context

  • Related to the remaining Google API Key alerts not included in the previous PDIAP-11962 closure.
  • If key rotation or invalidation is required, David/XFlow likely needs backend support or clarification because Google API Key rotation is not owned directly by the XFlow iOS side.

Historical Slack Context

  • October 2025 Slack context describes PDIAP-11961 as the request for rotation/invalidation of active exposed Google API keys.
  • The active Google API keys were documented as still valid/in use by the service, so they were intentionally separated from inactive-secret closure evidence.
  • PDIAP-11962 was created as the second-phase closure story to run after PDIAP-11961 invalidation/rotation work completed.
  • Earlier investigation noted that the API key appeared in a service response and that GitHub was flagging the old commit where the key had been hard-coded and later removed.
Reference in New Issue View Git Blame Copy Permalink