Refresh secrets for VRMS backend #1544

Open
Tyson-miller opened this issue Nov 15, 2023 · 4 comments
Labels
feature: Infrastructure Secrets, Prod and Dev setup, etc. role: Back End role: devops size: 0.5pt Can be done in 2-3 hours or less

@Tyson-miller
Member

As part of work done on this issue, there were some secrets mistakenly exposed in the PR that we should now refresh.

The list of secrets is:

  • gmail_client_id
  • gmail_refresh_token
  • gmail_secret_id
  • mailhog_password
  • slack_bot_token
  • slack_client_id
  • slack_client_secret
  • slack_oauth_token
  • slack_signing_secret

Which are set as container_env_vars in the ecs container for the vrms-backend.

The current secret values are stored in 1password and you can reach out to @Tyson-miller or in the ops channel to get them.

Tyson-miller added role: Back End role: devops size: 0.5pt Can be done in 2-3 hours or less feature: Infrastructure Secrets, Prod and Dev setup, etc. labels Nov 15, 2023
Tyson-miller added this to the 02 Security milestone Nov 15, 2023
Tyson-miller added this to New Issue Approval in VRMS - Active Project Board via automation Nov 15, 2023
JackHaeg moved this from New Issue Approval to Prioritized Backlog in VRMS - Active Project Board Mar 12, 2024

@JackHaeg
Member

@Spiteless These secrets are contained in the VRMS vault within 1password.

@Spiteless
Member

Spiteless commented Apr 11, 2024

Hey all, hopped on the DevOps COP call today and Bonnie requested I put some details on the secrets struggles here.

Looking to refresh the tokens:

gmail_client_id
gmail_refresh_token
gmail_secret_id
mailhog_password
slack_bot_token
slack_client_id
slack_client_secret
slack_oauth_token
slack_signing_secret

I have access to VRMS secrets, which stores these 4 env variables:

[Screenshot of hackforlaVRMS/settings]

I don't currently have access to my 1password account, resolving that with support.


Here's the template that our client/backend .env files use:

Backend Secrets template:

CUSTOM_REQUEST_HEADER=
SLACK_OAUTH_TOKEN=
SLACK_BOT_TOKEN=
SLACK_TEAM_ID=
SLACK_CHANNEL_ID=
SLACK_CLIENT_ID=
SLACK_CLIENT_SECRET=
SLACK_SIGNING_SECRET=
BACKEND_PORT=
REACT_APP_PROXY=
GMAIL_CLIENT_ID=
GMAIL_SECRET_ID=
GMAIL_REFRESH_TOKEN=
GMAIL_EMAIL=
MAILHOG_PORT=
MAILHOG_USER=
MAILHOG_PASSWORD=
JWT_SECRET=
SECRET=
NODE_ENV=

Front End:

CLIENT_PORT=
CLIENT_URL=
BACKEND_HOST=
BACKEND_PORT=
REACT_APP_PROXY=
REACT_APP_CUSTOM_REQUEST_HEADER=
VITE_CLIENT_PORT=
VITE_CLIENT_URL=
VITE_BACKEND_HOST=
VITE_BACKEND_PORT=
VITE_REACT_APP_PROXY=
VITE_REACT_APP_CUSTOM_REQUEST_HEADER=

Questions and Clarifications

  • Are these secrets stored in 1password?
  • Are the secrets pulled from 1password during our build?
  • Do the secrets need to be changed anywhere else as well?

After all this is finished, we're looking to write a guide so that if the secrets are exposed again in the future we can solve it faster.

@JackHaeg
Member

@Spiteless Just to follow up on the "Questions and Clarifications" section in your comment, as I mentioned in my previous comment, the secrets are contained within the VRMS vault within 1password.

@JackHaeg
Member

@jbubar & @Spiteless put in a request to be able to view AWS deployment.
