department-of-veterans-affairs / va.gov-cms

Editor-centered management for Veteran-centered content.
https://prod.cms.va.gov
GNU General Public License v2.0

Create Oauth public/private keys and store in AWS SSM #15794

Closed timcosgrove closed 1 year ago

timcosgrove commented 1 year ago

## Requirements

We want public/private keys created for OAuth authentication and stored in SSM, so that our keys are stored correctly and can be used by our various CMS Preview setups.

### Acceptance criteria
- [x] OAuth public and private key pairs are created for Prod and Tugboat/Staging
- [x] These keys are stored in AWS SSM

## Background & implementation details

Per Next Drupal documentation, OAuth public/private key pairs can be generated by a machine with openssl installed: https://next-drupal.org/learn/preview-mode/create-oauth-client#4-generate-keys

```bash
openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout > public.key
```

Once created, these keys should be stored in AWS SSM. The naming of the keys is to be discussed.

Once stored, the engineer who created the keys should destroy them on their local machine, so that they are only stored on AWS and nowhere else.

### Implementation tasks
- [ ] Use this if it helps you or feel free to delete.

tjheffner commented 1 year ago

Two sets of keys were created using `openssl genrsa -out private.key 2048 && openssl rsa -in private.key -pubout > public.key`

These have been stored in AWS SSM at these locations, and then removed from my local machine:

/cms/prod/drupal_api_users/next_build_api/public.key
/cms/prod/drupal_api_users/next_build_api/private.key
/cms/staging/drupal_api_users/next_build_api/public.key
/cms/staging/drupal_api_users/next_build_api/private.key
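
The procedure described in this thread (generate with openssl, store in SSM, remove the local copies) as one script. This is an added example, not code from the issue or from the va.gov-cms project: the function names, the `--run` switch, and the choice of `SecureString` for the private key and `String` for the public key are assumptions, while the parameter paths are the ones listed in the comment above.

```bash
# Added example (not from the issue): generate, verify, store, then destroy.

# Create private.key and public.key in directory $1 with the issue's commands.
generate_keypair() {
  ( umask 077   # key files are created 0600, never group/world readable
    openssl genrsa -out "$1/private.key" 2048 2>/dev/null &&
    openssl rsa -in "$1/private.key" -pubout -out "$1/public.key" 2>/dev/null )
}

# Succeed only if the private key is consistent and both files share a modulus.
keys_match() {
  local priv pub
  openssl rsa -in "$1/private.key" -check -noout >/dev/null 2>&1 || return 1
  priv=$(openssl rsa -in "$1/private.key" -noout -modulus 2>/dev/null) || return 1
  pub=$(openssl rsa -pubin -in "$1/public.key" -noout -modulus 2>/dev/null) || return 1
  [ -n "$priv" ] && [ "$priv" = "$pub" ]
}

# Map an environment name to the SSM path prefix listed in the issue.
ssm_prefix() {
  case $1 in
    prod|staging) printf '/cms/%s/drupal_api_users/next_build_api\n' "$1" ;;
    *) echo "unknown environment: $1" >&2; return 1 ;;
  esac
}

# Best-effort removal of the local copies; falls back to rm where shred is absent.
destroy_local() {
  local f
  for f in "$1/private.key" "$1/public.key"; do
    shred -u "$f" 2>/dev/null || rm -f "$f"
  done
  rmdir "$1" 2>/dev/null || true
}

main() {
  local prefix dir
  prefix=$(ssm_prefix "$1") || return 1
  dir=$(mktemp -d) || return 1
  trap "destroy_local '$dir'" EXIT   # clean up even if a later step fails
  generate_keypair "$dir" && keys_match "$dir" || return 1
  # Assumption: private key as SecureString; file:// keeps it out of argv.
  aws ssm put-parameter --name "$prefix/private.key" --type SecureString \
    --value "file://$dir/private.key" &&
  aws ssm put-parameter --name "$prefix/public.key" --type String \
    --value "file://$dir/public.key"
}

if [ "${1:-}" = "--run" ]; then main "${2:-}"; fi  # usage: --run prod|staging
```

`shred` gives no guarantee on SSDs or journaling filesystems, so running this from a tmpfs-backed directory is the stronger way to meet the "only stored on AWS" requirement.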