Closed sastels closed 3 weeks ago
As a Notify user, I need secrets to be secure and occasionally changed
Want to rotate the database master password
Moving the app to a new user and rotating the master password
password has been changed
[x] Create a user app_db_user (can use the scripts in the attic to create the user).
[x] Add the user to the RDS Proxy
[x] Verify on the jump box that the new user can connect to the database
[x] Change values in manifest repo to be generated from app_db_user:
[x] Verify that the app and Hasura still work (also: smoke test api k8s)
[x] Change secrets in terraform to be generated from app_db_user:
[x] Run the merge to production script
[x] Redeploy the blazer service (so the new variable gets picked up)
[x] Verify that blazer and api lambda still work
[x] Add the new terraform variables in LastPass
[x] Change the master password!
[x] Verify that app / Blazer / Hasura still work
[x] Add the new value in LastPass
Description
As a Notify user, I need secrets to be secure and occasionally changed
WHY are we building?
Want to rotate the database master password
WHAT are we building?
Moving the app to a new user and rotating the master password
VALUE created by our solution
password has been changed
Tasks
[x] Create a user app_db_user (can use the scripts in the attic to create the user).
[x] Add the user to the RDS Proxy
[x] Verify on the jump box that the new user can connect to the database
[x] Change values in manifest repo to be generated from app_db_user:
[x] Verify that the app and Hasura still work (also: smoke test api k8s)
[x] Change secrets in terraform to be generated from app_db_user:
[x] Run the merge to production script
[x] Redeploy the blazer service (so the new variable gets picked up)
[x] Verify that blazer and api lambda still work
[x] Add the new terraform variables in LastPass
[x] Change the master password!
[x] Run the merge to production script
[x] Verify that app / Blazer / Hasura still work
[x] Add the new value in LastPass
Acceptance Criteria
QA Steps