department-of-veterans-affairs / va.gov-cms

Editor-centered management for Veteran-centered content.
https://prod.cms.va.gov
GNU General Public License v2.0

Find github token usage and rotate token #3752

Closed indytechcook closed 3 years ago

indytechcook commented 3 years ago

Find github token usage and rotate token

https://github.com/department-of-veterans-affairs/devops/blob/ansible/build/cms-ci/ansible/build/roles/cms-ci/templates/va.drush.inc.j2#L80-L81

Acceptance Criteria

ElijahLynn commented 3 years ago

DevShop token still appears to be used somewhere, possibly in the CMS > find it, create new, update, then delete old token here https://github.com/settings/tokens and then remove the old code.


This could be done as part of https://github.com/department-of-veterans-affairs/va.gov-cms/issues/3503 too.

ElijahLynn commented 3 years ago

Okay, new token was created a while ago, and added to credstash. The old token was finally deleted today. The blocker on deleting it was that when I went to delete the token I got a message saying that 2 SSH keys generated for it would also be deleted. But when I went to the SSH keys section for the va-cms-bot user, there were none listed. Also the keys said they were for dashboard.tugboat.vfs.va.gov, which we only used briefly, early on in our setup and then stopped using that in favor of tugboat.vfs.va.gov.

I tested a git pull from our Tugboat server after I deleted the token (which deleted the unknown keys) and it still works. Also, the fingerprint differed, so we are safe there.

When I deleted the token, it said it was last used 5 weeks ago.

I still have to update documentation in the va-gov-team-sensitive repo for now.

ElijahLynn commented 3 years ago

Added initial docs around service accounts and token usage here > https://github.com/department-of-veterans-affairs/va.gov-team-sensitive/blob/43e65cacbb21981a630b8e422ac5315ca55efcdb/platform/cms/cms-service-account-va-cms-bot.md