Closed dillo closed 3 years ago
@dillo - Thanks for creating the issue for us. Can you give us an idea as to how soon these keys will be needed to support the Clipboard Questionnaire app in integrating with Lighthouse PGD?
@jhouse-solvd I'd like the shared keys as soon as possible since this will enable development work to continue without being blocked. The production key generation can be done at a future date that's deemed appropriate by both the Health Care and Lighthouse teams. Thank you!
@dillo - I am following up with the Ops team today to get some information for you and help set timeline and expectation for next steps. Thank you for your patience!
@jhouse-solvd Thank you very much!
@dillo - Would you be able to generate the keys and send them to us using keybase / onceler? It is generally better for Ops if application teams create the auth keys / tokens that they need. Ops can then ensure that they are properly installed using credstash.
If so, I can message you a team member's keybase account name. Thank you, sir!
@jhouse-solvd Thank you! I can go ahead and generate the keys and send them to a team member if you can provide me their keybase account! Happy Holidays!
@jhouse-solvd are you able to get the keybase account name to @dillo so we can get the private keys into credstash? Thanks!
@stephenBarrs - yes, absolutely. (you beat me to it!) I am following up right now to get the best team member for the job and will be sending over the keybase account to @dillo shortly.
@stephenBarrs - keybase account was sent to @dillo in a direct message, and this ticket is being assigned to @mydesignrocks (Srikanth Valluru) to get the keys installed.
added the keys to credstash and followed through this PR: https://github.com/department-of-veterans-affairs/devops/pull/8339
@dillo - can you please confirm whether or not you got everything that was needed here? thanks so much in advance.
Hi @jhouse-solvd, yes, we got everything we needed set up for the environments in question. I'll be creating a new issue in the near future to set up the private/public keys in the production environment. Thank you for all your help!
Closing per dillo's comment above
Issue Description
The Clipboard Questionnaire app will make calls into the Lighthouse PGD environment. Authentication is handled by a JWT Exchange service endpoint in Lighthouse, which requires a public/private key exchange. We will need three sets of keys for each environment we will connect to: Sandbox, Staging and Production. This key exchange is identical to the HealthQuest key exchange for their MAP integration, if we want to see an example of how this has been previously implemented.
> You must generate RSA-2048 or RSA-4096 keypairs to be used in each environment- sandbox, staging, and production. Once that is completed, you must submit all 3 generated public keys and a desired reverse DNS-style issuer ID (e.g. gov.va.system.v1)
Please store the private keys in credstash.
Tasks
[ ] Creation of shared keys across Dev, Sandbox, and Staging and delivery of the public key to stephen.barrs@va.gov, beau.grantham@va.gov, and draju@governmentcio.com in JWK format
[ ] Please deliver the shared private key to draju@governmentcio.com (@dillo), the backend developer on the Health Quest team who will be developing the services which interact with the Lighthouse PGD
[ ] Creation of Production keys and delivery of public key via encrypted email to stephen.barrs@va.gov in JWK format
Example JWK format
{ "kty": "RSA", "n": "EXAMPLE...", "e": "AQAB", "alg": "RS256", "use": "sig" }
Acceptance Criteria