User Story
As a Modernisation Platform Engineer
I want to create a centralized GitHub Action in the github-actions repository to manage secrets
So that any updates or changes can be made in one place and easily utilized across multiple repositories.
Value / Purpose
Reduce the redundancy of defining secrets management workflows in each repository.
Simplify the process of updating the secrets management logic by centralizing it, thus ensuring all repositories use the latest version.
Ensure that all repositories have a consistent and secure method of handling secrets.
Useful Contacts
No response
Additional Information
Existing reusable workflow in the MP repo fetches secrets, encrypts them, declares them as outputs, and an action decrypts these secrets.
Proposal / Unknowns
Develop a new GitHub Action in the github-actions repository to manage secrets.
Deprecate the existing reusable workflow and action in the MP repo.
Update all repositories currently using the MP repo workflow to use the new centralized GitHub Action.
Definition of Done
[ ] Documentation has been written / updated
[ ] The new GitHub Action is created in the github-actions repository and tested with the scheduled-baseline workflow.
[ ] All workflows across all repositories are updated to use the new centralized action, ensuring that secrets are fetched from AWS Secrets Manager and managed in one place.
[ ] Validation that the new centralized action works as expected in all repositories, including successful fetching, encrypting, declaring, and decrypting of secrets.
Additional Information
Reusable Workflow: https://github.com/ministryofjustice/modernisation-platform/blob/main/.github/workflows/secrets-retrieval.yml
Action to decrypt the secrets: https://github.com/ministryofjustice/modernisation-platform/blob/main/.github/actions/decrypt-secrets/action.yml