ministryofjustice / cloud-platform

Documentation on the MoJ cloud platform
MIT License

Concourse: GitHub tokens review #5749

Closed sj-williams closed 1 month ago

sj-williams commented 4 months ago

Background

We have several unique GitHub tokens (some PATs) that are in use by Concourse pipelines:

cloud_platform_infrastructure_pr_git_access_token
github_token
how_out_of_date_are_we_github_token
authorized_keys_github_token
github_actions_secrets_token

We need to review all of these and ensure that they belong to / are created by the appropriate user, i.e. if they are concourse-bot GH user PATs, we should look at renaming the var to reflect this.

Alternatively, we could look at the possibility of managing them all via GH Concourse App?

Relates to #5748

sj-williams commented 2 months ago

github_token : cloud-platform-concourse-bot

cloud_platform_infrastructure_pr_git_access_token : Machine user for the MoJ Cloud Platform team

how_out_of_date_are_we_github_token : Machine user for the MoJ Cloud Platform team

authorized_keys_github_token: Machine user for the MoJ Cloud Platform team

github_actions_secrets_token : Sablu M

tmahmood72 commented 2 months ago

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer ****" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/user
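An added example, not part of the original thread or the project's own code: the same `GET /user` check run over each Concourse variable, recording the owning login plus the scopes and expiry headers GitHub returns for classic PATs. The helper names and the environment-variable naming are assumptions; the expected owners are the ones reported in the comments in this thread.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://api.github.com/user"
# Variable -> login expected to own the token, per the comments in this thread.
# None: the owning login is not stated in the thread, so flag for manual review.
EXPECTED_OWNER = {
    "github_token": "cloud-platform-concourse-bot",
    "cloud_platform_infrastructure_pr_git_access_token": "cloud-platform-moj",
    "how_out_of_date_are_we_github_token": "cloud-platform-moj",
    "authorized_keys_github_token": "cloud-platform-moj",
    "github_actions_secrets_token": None,
}

def fetch_identity(token):
    """Call GET /user with the token; return (status, headers, body bytes)."""
    req = urllib.request.Request(API_URL, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28",
    })
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:  # e.g. 401 for a revoked or expired token
        return err.code, dict(err.headers), err.read()

def review(var_name, status, headers, body):
    """Turn one /user response into a review record; the token is never echoed."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    login = json.loads(body).get("login") if status == 200 else None
    expected = EXPECTED_OWNER.get(var_name)
    if status != 200:
        verdict = "invalid"
    elif expected is None:
        verdict = "manual-review"
    else:
        verdict = "ok" if login == expected else "owner-mismatch"
    # X-OAuth-Scopes is empty for fine-grained PATs; the expiry header is
    # absent when the token has no expiration date.
    return {"var": var_name, "login": login, "verdict": verdict,
            "scopes": hdrs.get("x-oauth-scopes", ""),
            "expires": hdrs.get("github-authentication-token-expiration", "none")}

if __name__ == "__main__":
    # Assumption: each token is exported under the upper-cased variable name.
    for name in EXPECTED_OWNER:
        if token := os.environ.get(name.upper()):
            print(review(name, *fetch_identity(token)))
```

A token reported with `expires` of `none` or with broader scopes than its pipeline needs is worth rotating as part of the same review.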

tmahmood72 commented 2 months ago

1) Checked the tokens for GH user cloud-platform-concourse-bot:
- hammer-bot
- cloud-platform-concourse-bot

2) Checked the tokens for GH user cloud-platform-moj (username for Machine user for the MoJ Cloud Platform team):
- cloud-platform-review-docs
- cloud-platform-infrastructure-plan-pipeline
- cloud-platform-runbooks
- PUBLISHING_GIT_TOKEN
- https://how-out-of-date-are-we.apps.live-1.cloud-platform.service.justice.gov.uk
- authorized-keys-provider

3) Need to check the token github_actions_secrets_token which was generated by GH user Sablu M
@sablumiah please can you check this when you get some time