Closed ph-One closed 1 year ago
You can use these commands to list out all certificates and keys in parameter store. This should give you a jumping-off point for which entries to tag.

# Names of parameters whose value contains a certificate
# (the tee step appends every decrypted value to a local file)
aws ssm describe-parameters --query "Parameters[].Name" \
| jq -r '.[]' \
| xargs -I{} aws ssm get-parameter --with-decryption --name {} \
| tee -a ~/bingo/ps-`date +%Y%m%d%s`.certs.json \
| jq -r '.Parameter | select(.Value | match("--BEGIN CERTIFICATE--")) | .Name '

# Names of parameters whose value contains an RSA private key
aws ssm describe-parameters --query "Parameters[].Name" \
| jq -r '.[]' \
| xargs -I{} aws ssm get-parameter --with-decryption --name {} \
| tee -a ~/bingo/ps-`date +%Y%m%d%s`.keys.json \
| jq -r '.Parameter | select(.Value | match("--BEGIN RSA PRIVATE KEY--")) | .Name '
Pulling into sprint now that I have permissions for AWS.
Rolling over into next sprint due to some unexpected PTO and a large # of support requests/cert renewals.
@barbarello Let's break this up into two separate tasks -- one for certificates, and one for keys
Certificates that are stored in AWS Parameter Store should be tagged for easy retrieval and scanning.
Tasks
purpose: certificate
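
An added example, not code from this issue or the project: one way to turn the listing commands into the `purpose` tagging the issue asks for, keeping decrypted values in the pipeline instead of writing them to a file. It goes beyond the RSA-only match by treating any PEM `PRIVATE KEY` header as a key; the function names and the `purpose=key` tag value are assumptions, only `purpose: certificate` appears on the page.

```shell
#!/bin/sh
# Added example: classify PEM material in Parameter Store and tag it.

# Print "key", "certificate" or nothing for the text on stdin.
# A value holding both (a bundle) is reported as "key", the more sensitive kind.
classify_pem() {
  pem_value=$(cat)
  case "$pem_value" in
    *"-----BEGIN "*"PRIVATE KEY-----"*) echo key ;;          # RSA, EC, PKCS#8, encrypted
    *"-----BEGIN CERTIFICATE-----"*)    echo certificate ;;
  esac
}

# Print the tagging command for one parameter (what a dry run shows).
# purpose=key is an assumed tag value; the issue only names purpose: certificate.
tag_command() {
  printf 'aws ssm add-tags-to-resource --resource-type Parameter --resource-id %s --tags Key=purpose,Value=%s\n' "$1" "$2"
}

# Walk every parameter. Needs AWS credentials; set APPLY=1 to tag for real.
tag_all() {
  aws ssm describe-parameters --query 'Parameters[].Name' --output text |
  tr '\t' '\n' |
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    purpose=$(aws ssm get-parameter --with-decryption --name "$name" \
                --query 'Parameter.Value' --output text | classify_pem)
    [ -n "$purpose" ] || continue
    if [ "${APPLY:-0}" = 1 ]; then
      aws ssm add-tags-to-resource --resource-type Parameter \
        --resource-id "$name" --tags "Key=purpose,Value=$purpose"
    else
      tag_command "$name" "$purpose"
    fi
  done
}

# Offline check on a constructed sample (not a real certificate).
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-sample-body' \
  '-----END CERTIFICATE-----' | classify_pem

# Pass --run to query the account the current credentials point at.
case "${1:-}" in --run) tag_all ;; esac
```

Without `APPLY=1` the `--run` mode only prints the tagging commands, so the list can be reviewed before anything is changed.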