zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-15 00:57:02 +02:00
Code Issues Projects Releases Packages Wiki Activity

Update docs for Login.gov

Browse source
This commit is contained in:
Seamus Johnston 2022-09-27 10:25:51 -05:00
parent a4ce1e6d08
commit 651e3d91b1
No known key found for this signature in database
GPG key ID: 2F21225985069105
2 changed files with 32 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/developer/README.md
View file

@ -20,9 +20,15 @@ Visit the running application at [http://localhost:8080](http://localhost:8080).
## Setting Vars
Every environment variable for local development is set in [src/docker-compose.yml](../../src/docker-compose.yml).
Non-secret environment variables for local development are set in [src/docker-compose.yml](../../src/docker-compose.yml).
Including variables which would be secrets and set via a different mechanism elsewhere.
Secrets (for example, if you'd like to have a working Login.gov authentication) go in `.env` in [src/](../../src/) with contents like this:
```
DJANGO_SECRET_LOGIN_KEY="<...>"
```
You'll need to create the `.env` file yourself. Get the secrets from Cloud.gov by running `cf env getgov-unstable`.
## Viewing Logs

23
docs/operations/runbooks/rotate_application_secrets.md
View file

@ -14,10 +14,13 @@ Where `credentials-<ENVIRONMENT>.json` looks like:
```json
{
"DJANGO_SECRET_KEY": "EXAMPLE",
"DJANGO_SECRET_LOGIN_KEY": "EXAMPLE",
...
}
```
(Specific credentials are mentioned below.)
You can see the current environment with `cf env <APP>`, for example `cf env getgov-unstable`.
The command `cups` stands for [create user provided service](https://docs.cloudfoundry.org/devguide/services/user-provided.html). User provided services are the way currently recommended by Cloud.gov for deploying secrets. The user provided service is bound to the application in `manifest-<ENVIRONMENT>.json`.
@ -32,3 +35,23 @@ cf restage getgov-unstable --strategy rolling
```
Non-secret environment variables can be declared in `manifest-<ENVIRONMENT>.json` directly.
## DJANGO_SECRET_KEY
This is a standard Django secret key. See Django documentation for tips on generating a new one.
## DJANGO_SECRET_LOGIN_KEY
This is the base64 encoded private key used in the OpenID Connect authentication flow with Login.gov. It is used to sign a token during user login; the signature is examined by Login.gov before their API grants access to user data.
Generate a new key using this command (or whatever is most recently recommended by Login.gov):
```bash
openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private.pem -out public.crt
```
Encode it using:
```bash
base64 private.pem
```