Forest env secret rotation

I’m doing rotation exercises for all our credentials, and I’m trying to figure out how to rotate a Forest Environment Secret.

In case of compromise, how can we rotate them while ensuring the continuity of our service and not having to recreate everything?

Feature(s) impacted

Environment settings

Observed behavior

I can’t find a way to reset or rotate the secret.

Expected behavior

Have a “reset” or “rotate” button to generate a new secret easily.

Context

Please provide in this mandatory section, the relevant information about your configuration:

  • Project name: Elevo
  • Team name: CS / Tech
  • Environment name: Staging (and same goes for Production)
  • Agent type & version: forest_liana gem 7.4.5
  • Recent changes made on your end if any: None

Hey @leo_elevo

First of all, this is currently not supported as is so I’ll push this as a feature request to our product board.

For your remote/staging environment, I think you might be able to achieve this in an automated context using our CLI by creating/dropping environments with forest environments commands (you can get more info on the GitHub repository).

For your production environment … The only workaround I can think of would be to promote a new production each time you want to rotate your forest env secret (You should see a switch production button in your environment settings, documentation is available here).

I’m switching the topic to product suggestion and pushing it to our product board, as I understand that this will be a manual solution.

Let me know if that helps


Thank you for your reply.

Having process parity between production and staging is a requirement for being able to do relevant rehearsals. Is there a way to promote environments to pre-prod ones? I’m not sure if it makes sense as I don’t know what an environment being tagged as “production” on Forest entails.

In the meantime, what is the process to make sure the new production environment is the exact same for our users once promoted?

  • Create new-production environment targeting the same URL as the previous one
  • Copy layout from production to new-production
  • Promote

Would these steps guarantee the parity of this new environment?

Thank you for your help

Hi @leo_elevo, when you create a new environment (new-production), it’ll inherit automatically from the UI of your previous production. No need to do a copy layout with our new development workflow.


Hi,

I’m trying to achieve the same as leo_elevo, rotate the env secret for a given environment.

I understand that I can create new environments, but it seems the new environment is a blank canvas with no role permissions set, and I would like to keep exactly the same permissions that I currently have on the existing environment without having to re-configure them one by one manually. Do you have any suggestions on how to achieve this with the least amount of manual work?

Hi @sergior

We just released a new feature to help you achieve that!

You can now copy the role permissions from one environment to another :tada:

From the Project Settings > Roles, click on Actions and then Copy roles permissions across environments.

I hope this helps!


Hi @anon60307974 that has achieved what I wanted to do, thank you!