Security Review Exposes Critical Gap: No Rotation Plan for CIAM's Core Social Login API Key
A critical security gap has been exposed within the platform's CIAM (Customer Identity and Access Management) infrastructure. A recent security review (SR-1) identified that the `CIAM_RELOAD_API_KEY`, a pre-shared key used to authenticate the SIGHUP sidecar for social login configuration reloads, lacks any documented rotation procedure, maximum lifetime, or mechanism to detect a compromise. This key is central to the availability of social login features, yet its management is currently ad hoc and insecure.
The issue, logged as a security requirement by a CIAM Engineer, stems from feature platform#15 (Social Login Connections — Google OIDC). The SIGHUP sidecar relies on this shared `CIAM_RELOAD_API_KEY` to trigger configuration updates in the Kratos identity service. The security review flagged the absence of a formal runbook as a significant vulnerability. While a compromised key is not a direct data-breach vector, its blast radius is severe: an attacker with internal network access could trigger repeated, disruptive reloads of the OIDC configuration, causing availability outages for the social login user path.
This operational risk underscores a foundational oversight in platform security hygiene. The lack of lifecycle management for a key controlling a critical authentication pathway leaves the system vulnerable to availability attacks. The newly created story mandates the definition and implementation of a formal rotation runbook, moving the key from an unmanaged secret to a properly governed security asset. The fix is now a blocking requirement, highlighting the pressure to harden core platform dependencies against internal threat scenarios.
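As an added illustration (not code from the platform, the sidecar or the review), the sidecar-side controls such a rotation runbook implies: a key ring that accepts the current and the previous key generation during an overlap window, refuses any generation past a maximum lifetime, compares secrets in constant time, reports which generation authenticated (so continued use of a retired key is visible in audit logs), and rate-limits accepted reloads to bound the availability blast radius described above. The key ids, secrets, lifetimes and timestamps are constructed for the walkthrough.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class ReloadKey:
    key_id: str       # surfaces in audit logs, so use of an old generation is visible
    secret: bytes
    issued: datetime  # lets a maximum lifetime be enforced


@dataclass
class KeyRing:
    max_lifetime: timedelta  # keys older than this are refused outright
    min_interval: timedelta  # floor between accepted reloads, bounding reload storms
    keys: list = field(default_factory=list)  # current generation first, then the previous one
    last_reload: datetime = datetime.min

    def rotate(self, new_key: ReloadKey) -> None:
        self.keys = [new_key] + self.keys[:1]  # new current; keep only the previous generation

    def authenticate(self, presented: bytes, now: datetime):  # id of matching unexpired generation, else None
        for k in self.keys:
            if now - k.issued <= self.max_lifetime and hmac.compare_digest(presented, k.secret):
                return k.key_id  # constant-time compare; an expired key is refused even on a byte match
        return None

    def reload(self, presented: bytes, now: datetime, signal):  # authenticate, rate-limit, then signal (e.g. SIGHUP)
        key_id = self.authenticate(presented, now)
        if key_id is None:
            return "rejected", None
        if now - self.last_reload < self.min_interval:
            return "throttled", key_id
        self.last_reload = now
        signal()
        return "reloaded", key_id


def rotation_walkthrough() -> list:
    # Constructed scenario: first reload, rotation overlap, throttling, then lifetime expiry.
    t0 = datetime(2024, 1, 1)
    ring = KeyRing(max_lifetime=timedelta(days=90), min_interval=timedelta(seconds=30))
    ring.rotate(ReloadKey("k1", b"constructed-secret-1", t0))
    out = [ring.reload(b"constructed-secret-1", t0, lambda: None)]
    ring.rotate(ReloadKey("k2", b"constructed-secret-2", t0 + timedelta(days=1)))
    out.append(ring.reload(b"constructed-secret-1", t0 + timedelta(days=1), lambda: None))
    out.append(ring.reload(b"constructed-secret-2", t0 + timedelta(days=1, seconds=5), lambda: None))
    out.append(ring.reload(b"constructed-secret-1", t0 + timedelta(days=91), lambda: None))
    return out
```

The walkthrough shows the old generation still being accepted (and identified as `k1`) during the overlap, a second reload inside the minimum interval being throttled, and the retired key being refused once it exceeds its maximum lifetime.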