SECOPS
OAuth App Revocation Request and Approval
Lets security file a revocation request for a risky OAuth app through a form, tracks approval in Linear.
How it runs
The automated pipeline, trigger to output.
- TriggerRevocation request form submittedHTTP webhook
- ActionOpen Linear issue for approval trailLinear
- LogicWait until issue reaches approved state
- ActionRevoke app OAuth tokens via Workspace admin APIGoogle Drive
- ActionEmail affected users about the removalGmail
- OutputConfirm revocation in security Slack channelSlack
What it does
This workflow turns the decision to kill an OAuth grant into a tracked, auditable action. Security submits the app to revoke and a reason; the flow opens a Linear issue for the approval trail, waits for sign-off, then calls the Workspace admin API to revoke the app's tokens and emails every affected user so a broken integration does not surprise them.
When to use it
Use it when revoking app access needs a paper trail and a human approval gate rather than a one-click button anyone can hit. It fits teams that must show who approved a revocation and confirm users were warned before access was pulled.
How it works
- 1A form submission triggers the flow with the target app and reason.
- 2The flow opens a Linear issue capturing the request and the requester.
- 3A logic step waits for the issue to reach an approved state.
- 4On approval, the flow revokes the app's OAuth tokens via the Workspace admin API.
- 5The flow emails affected users that the integration was removed and why.
- 6A Slack confirmation closes the loop with the security channel.
Set it up
What you configure once, before turning it on.
- 1Connect HTTP webhookTrigger any URL on agent actions.
- 2Connect LinearIssues, projects, cycles, triage.
- 3Connect Google DriveDocs, sheets, slides, files.
- 4Connect GmailRead, draft, send, label.
- 5Connect SlackChannels, DMs, threads, mentions.
- 6Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 7Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 8Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More SecOps workflows
Scheduled AWS Access-Key Age Sweep and Forced Rotation
Runs daily to find IAM access keys older than your policy threshold, deactivates the stale key, issues a fresh pair, and notifies the key owner with their replacement instructions.
Correlate Datadog WAF anomaly alert with Cloudflare evidence
When Datadog fires a WAF block-rate anomaly monitor, it pulls the matching Cloudflare firewall events, builds an evidence pack of top rules and ASNs.
Exposed-Secret Incident Triage and Remediation Agent
An agent-driven workflow that investigates a reported leaked secret end to end, decides revoke-versus-escalate, executes the rotation.
Non-Rotatable Leaked Secret to PagerDuty Escalation
Catches secret-scan hits for credentials that cannot be auto-rotated, gathers blast-radius context, and pages the on-call engineer with a step-by-step manual rotation runbook.
GitHub Secret-Scan Hit to Auto-Revoke and Rotate
When GitHub secret scanning flags a leaked credential in a repo, it auto-classifies the secret type, revokes the live key at the provider, mints a replacement.
Post-Revocation Verification and Audit Logging
After a key is revoked, it confirms the old credential actually fails, verifies the replacement works.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.