Closed dbadham-fr closed 7 months ago
Initial thoughts are if we add the OBSEAL Pem and Key to Google secret Manager (I would rather us not have a pipeline access our ci_secrets repo for security) then a script would be able to run the steps 10 onwards
To do
Add in further logging to help with cert generation
NOTE: Once the script has been ran against dev, need to alter the sbat-deploy pipeline to include the dev environment variable in the GSM names
Renewing the ASPSP certs is quite a manual process, see guide: https://wikis.forgerock.org/confluence/display/SBAT/Open+Banking+Directory+Certificates
These tasks are common to the development and customer release environments.
Review the process and see how we can make it more automated.
Once we have an OBWac and OBSeal, it should be possible to automate the remaining steps to deploy these to the correct environment. Step 9 in the guide onwards.