From 15b69ca80c6b81122021f3cb962b333c428833c2 Mon Sep 17 00:00:00 2001 From: Jan Timpe Date: Sun, 2 Jun 2024 17:15:55 -0400 Subject: [PATCH 1/4] add sendgrid api key --- scripts/deploy-backend.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/deploy-backend.sh b/scripts/deploy-backend.sh index 7a742ad79..4d9cbb764 100755 --- a/scripts/deploy-backend.sh +++ b/scripts/deploy-backend.sh @@ -61,7 +61,8 @@ set_cf_envs() "LOGGING_LEVEL" "REDIS_URI" "JWT_KEY" - "STAGING_JWT_KEY" + "STAGING_JWT_KEY", + "SENDGRID_API_KEY", ) echo "Setting environment variables for $CGAPPNAME_BACKEND" From f29dc4df0ed01136d510a3194c63ca350479b917 Mon Sep 17 00:00:00 2001 From: Jan Timpe Date: Mon, 3 Jun 2024 09:19:11 -0400 Subject: [PATCH 2/4] missed comma --- scripts/deploy-backend.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/deploy-backend.sh b/scripts/deploy-backend.sh index 4d9cbb764..295a378e2 100755 --- a/scripts/deploy-backend.sh +++ b/scripts/deploy-backend.sh @@ -60,7 +60,7 @@ set_cf_envs() "KIBANA_BASE_URL" "LOGGING_LEVEL" "REDIS_URI" - "JWT_KEY" + "JWT_KEY", "STAGING_JWT_KEY", "SENDGRID_API_KEY", ) From 79ba3d91f411d5a2d60273fe87e788c26957b914 Mon Sep 17 00:00:00 2001 From: Jan Timpe Date: Mon, 3 Jun 2024 09:23:21 -0400 Subject: [PATCH 3/4] oh there were NOT supposed to be commas --- scripts/deploy-backend.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/deploy-backend.sh b/scripts/deploy-backend.sh index 295a378e2..3f53b6b59 100755 --- a/scripts/deploy-backend.sh +++ b/scripts/deploy-backend.sh @@ -60,9 +60,9 @@ set_cf_envs() "KIBANA_BASE_URL" "LOGGING_LEVEL" "REDIS_URI" - "JWT_KEY", - "STAGING_JWT_KEY", - "SENDGRID_API_KEY", + "JWT_KEY" + "STAGING_JWT_KEY" + "SENDGRID_API_KEY" ) echo "Setting environment variables for $CGAPPNAME_BACKEND" From 169320528515d4bbb702d7b09bbdd66d236c9313 Mon Sep 17 00:00:00 2001 From: Jan Timpe Date: Mon, 3 Jun 2024 15:04:44 -0400 Subject: [PATCH 4/4] update env config to include secret key management --- .../004-configuration-by-environment-variable.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/Technical-Documentation/Architecture-Decision-Record/004-configuration-by-environment-variable.md b/docs/Technical-Documentation/Architecture-Decision-Record/004-configuration-by-environment-variable.md index dbd6920c1..95c1a4604 100644 --- a/docs/Technical-Documentation/Architecture-Decision-Record/004-configuration-by-environment-variable.md +++ b/docs/Technical-Documentation/Architecture-Decision-Record/004-configuration-by-environment-variable.md @@ -9,9 +9,11 @@ Accepted Applications need to be configured differently depending on where they are running. For example, the backend running locally will have different configuration then the backend running in production. +Further, environment variables can be designated "secret" or not; the term "secret key" is often used in place of secret environment variables. Secret keys are sometimes (but not always) shared between different deployment environments, which makes it useful to have a central "single source of truth" where a secret key can be kept and copied out to different environments. CircleCI solves this use case for us, allowing secret keys to be managed by the project's Environment Variables, and accessed in the deployment process to write to cloud.gov applications. + ## Decision -We will use environment variables to configure applications. +We will use environment variables to configure applications. We will use Environment Variables in CircleCI to store and manage secret keys. ## Consequences