Auth Service — Service Risk Register
Status: populated. Owner: Security. Last updated: 2026-04-18.

| ID | Risk | Likelihood | Impact | Mitigation | Owner |
|---|---|---|---|---|---|
| R-AUTH-01 | Leaked signing key | Low | Critical | Vault + emergency rotation runbook; all refresh tokens revoked | Security |
| R-AUTH-02 | JWKS rotation without overlap | Low | High | 10-min overlap window enforced in RotateJwksUseCase | Engineering |
| R-AUTH-03 | API key lookup endpoint compromised → impersonation | Low | Critical | Internal-only (no Kong route); mTLS between Kong and auth-service | SRE + Security |
| R-AUTH-04 | Firebase outage blocks federated login | Medium | Medium | Password fallback for Firebase users; comms on status page | SRE |
| R-AUTH-05 | Credential stuffing | High | Medium | Rate limit at Kong; IP + email lockout; breach-list check (future) | Security |
| R-AUTH-06 | Weak password policy bypass | Low | Medium | zxcvbn minimum + periodic policy review | Security |
| R-AUTH-07 | TOTP secret leak via log | Low | High | Never logged; Pino redaction tests | Engineering |
| R-AUTH-08 | Cross-account role assignment | Low | High | Guard: role assigned only within user's account | Engineering |
| R-AUTH-09 | Kong custom plugin version drift | Medium | High | Pinned plugin image; CI smoke | SRE |
| R-AUTH-10 | DB replica lag during rotation | Low | Medium | Rotation writes to primary only; Kong hits primary JWKS | |