Automate ASPSP cert renewal tasks

SecureApiGateway / SecureApiGateway

Top level project - includes wiki, github-pages and issues

https://github.com/SecureApiGateway/SecureApiGateway/wiki

Apache License 2.0

1 stars 1 forks source link

Automate ASPSP cert renewal tasks #848

Closed dbadham-fr closed 7 months ago

dbadham-fr commented 1 year ago

Renewing the ASPSP certs is quite a manual process, see guide: https://wikis.forgerock.org/confluence/display/SBAT/Open+Banking+Directory+Certificates

These tasks are common to the development and customer release environments.

Review the process and see how we can make it more automated.

Once we have an OBWac and OBSeal, it should be possible to automate the remaining steps to deploy these to the correct environment. Step 9 in the guide onwards.

shaunharrisonFR commented 10 months ago

Initial thoughts are if we add the OBSEAL Pem and Key to Google secret Manager (I would rather us not have a pipeline access our ci_secrets repo for security) then a script would be able to run the steps 10 onwards

shaunharrisonFR commented 8 months ago

To do

Add in further logging to help with cert generation

shaunharrisonFR commented 8 months ago

NOTE: Once the script has been ran against dev, need to alter the sbat-deploy pipeline to include the dev environment variable in the GSM names