add script for rotating cloud.gov secrets and runbook for description of script (#43)

* add script for rotating secrets and runbook for description of script

* add a note about why we rotate

* fix gh auth login if statement

* Update scripts/rotate_cloud_secrets.sh

Co-authored-by: Seamus Johnston <seamus.johnston@gsa.gov>

* add some comments about cf versions

Co-authored-by: Seamus Johnston <seamus.johnston@gsa.gov>
Logan McDonald 2022-08-12 16:27:17 -04:00 committed by GitHub
parent 2fa2f33c3b
commit 0f5f6e24a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 55 additions and 0 deletions

@ -0,0 +1,17 @@
# Cloud.gov Continuous Delivery
We use a [cloud.gov service account](https://cloud.gov/docs/services/cloud-gov-service-account/) to deploy from this repository to cloud.gov with a SpaceDeveloper user.
## Rotating Cloud.gov Secrets
Make sure that you have cf v7 and not cf v8 as it will not work with this script.
Secrets are set and rotated using the [cloud.gov secret rotation script](./scripts/rotate_cloud_secrets.sh).
Prerequistes for running the script are installations of `jq`, `gh`, and the `cf` CLI tool.
NOTE: Secrets must be rotated every 90 days. This script can be used for that routine rotation or it can be used to revoke and re-create tokens if they are compromised.
## Github Action
TBD info about how we are using the github action to deploy.
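
Review bot: In "Rotating Cloud.gov Secrets", the sentence "Make sure that you have cf v7 and not cf v8 as it will not work with this script" is ambiguous about which version fails, and it sits apart from the prerequisites line that lists the `cf` CLI without a version. Suggest folding the constraint into the prerequisites, for example "the `cf` CLI v7 (v8 does not work with this script)", and fixing the spelling of "Prerequistes" in the same line. The NOTE says the script also covers revoking and re-creating tokens after a compromise, but the runbook gives no invocation or steps for either case, so a reader responding to an incident has to open the script to learn how to run it; a short usage line would help. The 90-day requirement is stated without saying who tracks it or where the last rotation date is recorded. The "Github Action" section is still "TBD" and should be filled in or dropped before this is relied on as the deploy runbook.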