mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-08-04 08:52:16 +02:00
add script for rotating cloud.gov secrets and runbook for description of script (#43)
* add script for rotating secrets and runbook for description of script * add a note about why we rotate * fix gh auth login if statement * Update scripts/rotate_cloud_secrets.sh Co-authored-by: Seamus Johnston <seamus.johnston@gsa.gov> * add some comments about cf versions Co-authored-by: Seamus Johnston <seamus.johnston@gsa.gov>
This commit is contained in:
parent
2fa2f33c3b
commit
0f5f6e24a8
2 changed files with 55 additions and 0 deletions
17
docs/runbook/continuous_delivery.md
Normal file
17
docs/runbook/continuous_delivery.md
Normal file
|
@ -0,0 +1,17 @@
|
|||
# Cloud.gov Continuous Delivery
|
||||
|
||||
We use a [cloud.gov service account](https://cloud.gov/docs/services/cloud-gov-service-account/) to deploy from this repository to cloud.gov with a SpaceDeveloper user.
|
||||
|
||||
## Rotating Cloud.gov Secrets
|
||||
|
||||
Make sure that you have cf v7 and not cf v8 as it will not work with this script.
|
||||
|
||||
Secrets are set and rotated using the [cloud.gov secret rotation script](./scripts/rotate_cloud_secrets.sh).
|
||||
|
||||
Prerequistes for running the script are installations of `jq`, `gh`, and the `cf` CLI tool.
|
||||
|
||||
NOTE: Secrets must be rotated every 90 days. This script can be used for that routine rotation or it can be used to revoke and re-create tokens if they are compromised.
|
||||
|
||||
## Github Action
|
||||
|
||||
TBD info about how we are using the github action to deploy.
|
Loading…
Add table
Add a link
Reference in a new issue