Private Operator docs, add info re rotating the keys

docs/guides/integration-options-private-operator.md

@@ -7,6 +7,7 @@ displayed_sidebar: docs
 
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator Integration Overview
 
@@ -93,6 +94,10 @@ For information about supported versions and deprecation dates, see [Private Ope
 
 <UpgradePolicy />
 
+## Rotating the Keys
+
+<SnptRotatingTheKeys />
+
 ## Getting Started
 
 To get started as a Private Operator, follow these steps:

docs/guides/operator-guide-aks-enclave.md

@@ -10,6 +10,7 @@ displayed_sidebar: docs
 
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator for AKS Integration Guide
 
@@ -471,3 +472,7 @@ To upgrade, complete the following steps:
    ```
    kubectl get pods
    ```
+
+## Rotating the Keys
+
+<SnptRotatingTheKeys />

docs/guides/operator-guide-aws-marketplace.md

@@ -11,6 +11,7 @@ displayed_sidebar: docs
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
 import AttestFailure from '../snippets/_private-operator-attest-failure.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator for AWS Integration Guide
 
@@ -359,6 +360,9 @@ The following table includes some additional commands that might help you manage
 | Runs one iteration of `logrotate` manually, without changing the scheduled interval. | `sudo logrotate -f /etc/logrotate.conf --force` |
 | Reloads `syslog-ng`. | `sudo /usr/sbin/syslog-ng-ctl reload` |
 
+## Rotating the Keys
+
+<SnptRotatingTheKeys />
 
 ## UID2 Operator Error Codes
 

docs/guides/operator-guide-azure-enclave.md

@@ -10,6 +10,7 @@ displayed_sidebar: docs
 
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator for Azure Integration Guide
 
@@ -336,6 +337,10 @@ To upgrade, complete the following steps:
    for i in {0..COUNT}; az container delete --name uid-operator-OLD-VERSION-$i --resource-group {RESOURCE_GROUP} --yes
    ```
 
+## Rotating the Keys
+
+<SnptRotatingTheKeys />
+
 ## UID2 Operator Error Codes
 
 The following table lists errors that might occur during a Private Operator's startup sequence.

docs/guides/operator-private-gcp-confidential-space.md

@@ -10,6 +10,7 @@ displayed_sidebar: docs
 
 import Link from '@docusaurus/Link';
 import UpgradePolicy from '../snippets/_private-operator-upgrade-policy.mdx';
+import SnptRotatingTheKeys from '../snippets/_private-operator-rotating-the-keys.mdx';
 
 # UID2 Private Operator for GCP Integration Guide
 
@@ -532,6 +533,10 @@ If you previously set up a load balancer manually, you'll also need to update th
 ## Scraping Metrics
 The Private Operator for GCP exposes [Prometheus-formatted metrics](https://prometheus.io/docs/concepts/data_model/) on port 9080 through the /metrics endpoint. You can use a Prometheus-compatible scraper to collect and aggregate these metrics for your own needs.
 
+## Rotating the Keys
+
+<SnptRotatingTheKeys />
+
 ## UID2 Operator Error Codes
 
 The following table lists errors that might occur during a Private Operator's startup sequence.

docs/snippets/_private-operator-rotating-the-keys.mdx

@@ -0,0 +1,7 @@
+<!-- Used by: all Private Operator guides plus intro: guides/operator-guide-aks-enclave.md, operator-guide-aws-marketplace.md, operator-guide-azure-enclave.md, operator-private-gcp-confidential-space.md, also integration-options-private-operator.md -->
+
+It's a good security practice to rotate the keys on a regular cadence.
+
+[**GWH__SW question. In this doc (AWS) we mention: KMSKey, SSMKeyAlias, "the operator key", SSH key, the key store, OPERATOR_KEY, EC2 key pair. I'd like to be clear about naming and I'm frankly not sure... is it the operator key? Just need to be a bit clearer than "rotate the keys"**]
+
+For specific recommendations, see [Security of API Key and Client Secret](../getting-started/gs-credentials.md#security-of-api-key-and-client-secret).