# Deployment Strategies Security (Blue-Green/Canary)

One-sentence definition: Reduce release risk by isolating new versions and limiting blast radius.

## Key Facts

- Blue-green: two prod environments; switch traffic after validation.
- Canary: small % rollout; health/SLO gates; auto-rollback on errors.
- Keep schema backward compatibility; version APIs and DB migrations.
- Protect with WAF/rate limits during rollout; log version in telemetry.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Pick canary when risk uncertain; blue-green for fast rollback.

**Mnemonic:** “**Ship small, switch safe**.”

## Mini Scenario

Q: New release spikes 500s—best action?

A: Auto-rollback via canary gates and revert DB migration safely.

## Revision Checklist

- Two strategies.
- Gate signals.
- Backward-compat rule.

## Related

[[Rollback and Release Governance]] · [[Security Testing Strategy (Unit Integration E2E Fuzz)]] · [[Application Telemetry and Privacy Controls]] · [[CI CD Security (Runners Secrets Artifacts)]] · [[Domain 8 - Index]]