hackforla / VRMS

Volunteer Relationship Management System: This is an ambitious project to create a system that will help us measure our human capital development, reduce repetitive tasks and processes, and improve outcomes.
GNU Affero General Public License v3.0

Refresh secrets for VRMS backend #1544

Open Tyson-miller opened 9 months ago

Tyson-miller commented 9 months ago

As part of work done on this issue, there were some secrets mistakenly exposed in the PR that we should now refresh.

The list of secrets is:

The current secret values are stored in 1password and you can reach out to @Tyson-miller or in the ops channel to get them.

JackHaeg commented 5 months ago

@Spiteless These secrets are contained in the VRMS vault within 1password.

trillium commented 4 months ago

Hey all, hopped on the DevOps COP call today and Bonnie requested I put some details on the secrets struggles here.

Looking to refresh the tokens:

gmail_client_id
gmail_refresh_token
gmail_secret_id
mailhog_password
slack_bot_token
slack_client_id
slack_client_secret
slack_oauth_token
slack_signing_secret

I have access to VRMS secrets, which stores these 4 env variables:

[Screenshot of hackforlaVRMS/settings]

I don't currently have access to my 1password account, resolving that with support.


Here's the template that our client/backend .env files use:

Backend Secrets template

```
CUSTOM_REQUEST_HEADER=
SLACK_OAUTH_TOKEN=
SLACK_BOT_TOKEN=
SLACK_TEAM_ID=
SLACK_CHANNEL_ID=
SLACK_CLIENT_ID=
SLACK_CLIENT_SECRET=
SLACK_SIGNING_SECRET=
BACKEND_PORT=
REACT_APP_PROXY=
GMAIL_CLIENT_ID=
GMAIL_SECRET_ID=
GMAIL_REFRESH_TOKEN=
GMAIL_EMAIL=
MAILHOG_PORT=
MAILHOG_USER=
MAILHOG_PASSWORD=
JWT_SECRET=
SECRET=
NODE_ENV=
```

Front End

```
CLIENT_PORT=
CLIENT_URL=
BACKEND_HOST=
BACKEND_PORT=
REACT_APP_PROXY=
REACT_APP_CUSTOM_REQUEST_HEADER=
VITE_CLIENT_PORT=
VITE_CLIENT_URL=
VITE_BACKEND_HOST=
VITE_BACKEND_PORT=
VITE_REACT_APP_PROXY=
VITE_REACT_APP_CUSTOM_REQUEST_HEADER=
```

Questions and Clarifications

After all this is finished, we're looking to write a guide so that if the secrets are exposed again in the future we can solve it faster.
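
A check that could sit alongside the planned guide, as an added example that is not part of the thread or the VRMS code base: it scans a unified diff (such as the diff of a PR) for added lines that give a value to one of the keys on the refresh list above. The function name, the file path and the values in the sample diff are constructed for illustration.

```javascript
// Added example, not VRMS project code. Key names are the refresh list from
// the thread, upper-cased to match the backend template.
const ROTATION_KEYS = new Set([
  'GMAIL_CLIENT_ID', 'GMAIL_REFRESH_TOKEN', 'GMAIL_SECRET_ID',
  'MAILHOG_PASSWORD', 'SLACK_BOT_TOKEN', 'SLACK_CLIENT_ID',
  'SLACK_CLIENT_SECRET', 'SLACK_OAUTH_TOKEN', 'SLACK_SIGNING_SECRET',
]);

// Returns [{file, line, key}] for every added line that assigns a non-empty
// value to one of the keys. Values are never returned, so logs stay clean.
function findExposedKeys(diffText) {
  const findings = [];
  let file = null, newLine = 0, oldLeft = 0, newLeft = 0;
  for (const raw of diffText.split(/\r?\n/)) {
    if (oldLeft <= 0 && newLeft <= 0) {           // outside a hunk body
      const f = /^\+\+\+ (?:b\/)?(.+)$/.exec(raw);
      if (f) { file = f[1]; continue; }
      const h = /^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/.exec(raw);
      if (h) {                                    // omitted count means 1
        oldLeft = h[1] === undefined ? 1 : Number(h[1]);
        newLine = Number(h[2]);
        newLeft = h[3] === undefined ? 1 : Number(h[3]);
      }
      continue;
    }
    if (raw.startsWith('\\')) continue;           // "\ No newline at end of file"
    if (raw.startsWith('-')) { oldLeft--; continue; }
    if (raw.startsWith('+')) {
      const m = /^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*)$/.exec(raw.slice(1));
      const value = m ? m[2].trim().replace(/^(['"])(.*)\1$/, '$2') : '';
      if (m && value !== '' && ROTATION_KEYS.has(m[1].toUpperCase())) {
        findings.push({ file, line: newLine, key: m[1].toUpperCase() });
      }
      newLeft--; newLine++; continue;
    }
    oldLeft--; newLeft--; newLine++;              // unchanged context line
  }
  return findings;
}

// Constructed sample: two keys given values, one added key left empty.
const SAMPLE_DIFF = [
  '--- a/example/backend.env', '+++ b/example/backend.env', '@@ -1,2 +1,4 @@',
  ' BACKEND_PORT=', '-SLACK_BOT_TOKEN=',
  '+SLACK_BOT_TOKEN=constructed-not-a-real-token',
  '+MAILHOG_PASSWORD="constructed-placeholder"', '+GMAIL_CLIENT_ID=',
].join('\n');
console.log(findExposedKeys(SAMPLE_DIFF));
```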

JackHaeg commented 3 months ago

@Spiteless Just to follow up on the "Questions and Clarifications" section in your comment, as I mentioned in my previous comment, the secrets are contained within the VRMS vault within 1password.

JackHaeg commented 3 months ago

@jbubar & @Spiteless put in a request to be able to view AWS deployment.