"Woops. I hit ctrl+enter instead of ctrl+c while copying my secret. Guess production's down for a bit while we roll new ones!"
I mean your core idea is decent but that's just really funny.
There's some amount of practicality being lost if your secrets start growing massively. There's also potentially restrictions to what you can put in them, and a prefix with an underscore or colon might be easier than something that has slashes in it.
Your idea is probably living as a queriable dns record on the ___domain in question. Or a standard subdomain, or even a .well-known path.
The alternative (as in, current reality) is "Whoops. I hit ctrl+entry while copying my secret and no-one noticed for a month. Guess all our data is leaked now!"
It's also up to each provider what actually happens when the "revoke" action is triggered. Maybe they just warn you immediately, which is still better than nothing.
I mean your core idea is decent but that's just really funny.
There's some amount of practicality being lost if your secrets start growing massively. There's also potentially restrictions to what you can put in them, and a prefix with an underscore or colon might be easier than something that has slashes in it.
Your idea is probably living as a queriable dns record on the ___domain in question. Or a standard subdomain, or even a .well-known path.