Define monitoring for trust bond TTLs, key rotation schedules, and credential age thresholds.
Signal: Entities should not operate with expired or near-expiration credentials.
What to track:
- Trust bond
valid_until dates — flag WARNING if < 14 days to expiration
- Cryptographic key age in
id/ directory — flag WARNING if > 180 days without rotation
- Keybase member age in entity bonds — flag INFO if > 365 days without update
Tier: WARNING (14-day warning), INFO (routine updates)
Files affected:
- GOVERNANCE.md (trust bonds with expiration dates)
- id/ (key rotation metadata)
- Keybase team membership (audit via API)
Related: alert-routing.md, fourty4-watch-setup.md
This is a proactive security signal, not reactive to failures.
Define monitoring for trust bond TTLs, key rotation schedules, and credential age thresholds.
Signal: Entities should not operate with expired or near-expiration credentials.
What to track:
valid_untildates — flag WARNING if < 14 days to expirationid/directory — flag WARNING if > 180 days without rotationTier: WARNING (14-day warning), INFO (routine updates)
Files affected:
Related: alert-routing.md, fourty4-watch-setup.md
This is a proactive security signal, not reactive to failures.