zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-25 20:18:38 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/runbook/continuous_delivery.md
Logan McDonald 0f5f6e24a8
add script for rotating cloud.gov secrets and runbook for description of script (#43) 
* add script for rotating secrets and runbook for description of script

* add a note about why we rotate

* fix gh auth login if statement

* Update scripts/rotate_cloud_secrets.sh

Co-authored-by: Seamus Johnston <seamus.johnston@gsa.gov>

* add some comments about cf versions

Co-authored-by: Seamus Johnston <seamus.johnston@gsa.gov>
2022-08-12 16:27:17 -04:00

771 B
Raw Blame History

Cloud.gov Continuous Delivery

We use a cloud.gov service account to deploy from this repository to cloud.gov with a SpaceDeveloper user.

Rotating Cloud.gov Secrets

Make sure that you have cf v7 and not cf v8 as it will not work with this script.

Secrets are set and rotated using the cloud.gov secret rotation script.

Prerequistes for running the script are installations of jq, gh, and the cf CLI tool.

NOTE: Secrets must be rotated every 90 days. This script can be used for that routine rotation or it can be used to revoke and re-create tokens if they are compromised.

Github Action

TBD info about how we are using the github action to deploy.