-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Export teacher applications to gdrive #43476
Conversation
enrollments_summer_2020_gsheet_key: | ||
# Used for exporting the workshop data to a gsheet | ||
applications_2022_2023_gsheet_key: !Secret | ||
gdrive_export_secret: !Secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is this gdrive_export_secret
secret used for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It authorizes the gdrive session when running the script so that the account can then go to the file and write to it (if the file gives the account permission)
enrollments_summer_2020_gsheet_key: | ||
# Used for exporting the workshop data to a gsheet | ||
applications_2022_2023_gsheet_key: !Secret | ||
gdrive_export_secret: !Secret | ||
|
||
javabuilder_private_key: !Secret | ||
javabuilder_key_password: !Secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is a bit off-topic, but this reminds me that there may be some secret keys in our developer setup process that could be added in this way, so that we don't have to manually add them to locals.yml. properties_encryption_key
comes to mind for me:
code-dot-org/locals.yml.default
Lines 53 to 56 in 31a934c
# Code.org engineers should obtain this from AWS Secrets Manager at: | |
# https://console.aws.amazon.com/secretsmanager/home?region=us-east-1#/secret?name=development%2Fcdo%2Fproperties_encryption_key | |
# Contributors should ask a Code.org engineer for this if needed. | |
#properties_encryption_key: '' |
@megcrenshaw , are there any other shared keys which come to mind for you from your recent setup experience?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good call. properties_encryption_key:
is the only key in my locals
file right now, and it's already part of Secrets Manager. Shall I go ahead and add it to the development yml file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes please, that would be great!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could please also change the lines in locals.yml.default from
# Code.org engineers should obtain this from AWS Secrets Manager at:
# https://console.aws.amazon.com/secretsmanager/home?region=us-east-1#/secret?name=development%2Fcdo%2Fproperties_encryption_key
to something like this?
# Code.org engineers with AWS credentials should get this automatically via AWS Secrets Manager.
the note about Contributors should probably stay.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Meg!
Updates the existing export file to use a new gsheet. I followed the process detailed in #39120, which references #32597.
Testing story
Tested end-to-end locally with development secrets configured in Secret Manager. I added the configuration needed in
development.yml.erb
for local testing––to overwrite values in the Secrets Manager, put inlocals.yml
.Things to check:
applications_2022_2023_gsheet_key
for the file in different environments. The key in the development environment is different for testing.locals.yml
file.If you are wanting to put credentials into your
locals.yml
file, it should look something likeLet me know if you're wanting to test locally and running into trouble.
Deployment strategy
Follow-up work
Privacy
Security
All secrets are in the AWS Secrets Manager.
Caching
PR Checklist: