馃懛 Clean up secrets and connection strings #122
Comments
jackreimers
added
the
Type: DevOps
|
As per my discussion with @brydeno we are going to leave the GPT API key and database connection string as is because this would be better done as an infrastructure as code deployment and there is no secret data in the database or API key. |
|
Hi @jackreimers and @brydeno - I disagree about this:
While this is true for now, we are locking the GPT4 API key behind an authentication wall. It may not necessarily protect secret data, but it has a cost implication that needs to be protected. I do agree with this:
Does that not mean that's what we should do, rather than leaving things as they are? |
|
As per my conversation with @calumjs we are going to prioritise getting Identity Server implemented and come back to this at a later date. |
|
@jackreimers any update? |
|
@bradystroud this will be resolved by #32 which is currently blocked |
Cc: @matt-goldman
Hi
Pain
Currently there are secrets being stored in appsettings.json and in configuration variables in Azure.
This is making setup of development environments confusing and means secrets are stored in the incorrect place.
Suggested Solution
Remove the secrets from appsettings.json and have them stored in secrets.json instead.
Any secrets in Azure config variables should be moved to Key Vault or Connection Strings.
The GitHub action to deploy to Azure should deploy the secrets to KeyVault.
Tasks
Acceptance Criteria
There should be no secrets stored outside of secrets.json in the project and they should be properly stored in Azure.
Thanks!
The text was updated successfully, but these errors were encountered: