add script for rotating cloud.gov secrets and runbook for description of script (#43)

* add script for rotating secrets and runbook for description of script * add a note about why we rotate * fix gh auth login if statement * Update scripts/rotate_cloud_secrets.sh Co-authored-by: Seamus Johnston <seamus.johnston@gsa.gov> * add some comments about cf versions Co-authored-by: Seamus Johnston <seamus.johnston@gsa.gov>
2025-08-05 09:21:54 +02:00 · 2022-08-12 16:27:17 -04:00 · 2022-08-12 16:27:17 -04:00 · 0f5f6e24a8
commit 0f5f6e24a8
parent 2fa2f33c3b
2 changed files with 55 additions and 0 deletions
--- a/docs/runbook/continuous_delivery.md
+++ b/docs/runbook/continuous_delivery.md
@ -0,0 +1,17 @@
+# Cloud.gov Continuous Delivery
+
+We use a [cloud.gov service account](https://cloud.gov/docs/services/cloud-gov-service-account/) to deploy from this repository to cloud.gov with a SpaceDeveloper user.
+
+## Rotating Cloud.gov Secrets
+
+Make sure that you have cf v7 and not cf v8 as it will not work with this script. 
+
+Secrets are set and rotated using the [cloud.gov secret rotation script](./scripts/rotate_cloud_secrets.sh).
+
+Prerequistes for running the script are installations of `jq`, `gh`, and the `cf` CLI tool. 
+
+NOTE: Secrets must be rotated every 90 days. This script can be used for that routine rotation or it can be used to revoke and re-create tokens if they are compromised.
+
+## Github Action
+
+TBD info about how we are using the github action to deploy.