andrew-jameson opened this issue on Jul 20, 2022 · 2 comments
Labels: Blocked (Label for Pull Requests that are currently blocked by a dependency), dev, devops, DX (Developer Experience), Refined (Ticket has been refined at the backlog refinement)
Description:
When updating JWT keys, I want to be able to share keys across the team in a secure manner. I've seen HashiCorp Vault, SOPS, and Ansible Vault among other utilities cover this key management problem. Being able to utilize one of these solutions would allow key rotation and updating environment variables for the application to work more easily as it relates to the work from #1826.
Acceptance Criteria: Create a list of functional outcomes that must be achieved to complete this issue
JWT_KEY values for all three cloud.gov spaces are secure, updatable, readable
JWT_KEY values are no longer stored in CircleCI environment variables
The storage solution for JWT_KEYs is accessible by dev team, government tech lead, and CircleCI
JWT_KEY values are updated via the CircleCI deployment pipelines by both raft-tech and HHS repositories
Testing Checklist has been run and all tests pass
README is updated, if necessary
Tasks: Create a list of granular, specific work items that must be completed to deliver the desired outcomes of this issue
Using the pre-existing Terraform state S3 bucket, store JWT_KEY values for the respective CF spaces
JWT_KEY values for CF spaces are updated during our CircleCI deployments using the state bucket as their source of truth
Document the process for developers to access the JWT_KEYs for the respective space
Notes: Add additional useful information, such as related issues and functionality that isn't covered by this specific issue, and other considerations that will be helpful for anyone reading this
While Terraform can inspect the CF apps' environment variables, we do not want these values to overwrite the S3 state bucket as 'source of truth'
Supporting Documentation:
Open Questions:
andrew-jameson changed the title from "SPIKE: As tech lead, I want updating JWT_KEY for Login.gov" to "SPIKE: As tech lead, I want updating JWT_KEY for Login.gov to be secure and accessible" on Jul 20, 2022
andrew-jameson changed the title from "SPIKE: As tech lead, I want updating JWT_KEY for Login.gov to be secure and accessible" to "As tech lead, I want updating JWT_KEY for Login.gov to be secure and accessible" on Oct 20, 2022