Implementing this change to enhance the process of retrieving and installing both the decrypt config private key and the NGINX SSL certificate and key as part of an Ansible task. This update is to establish these secrets as variables, with the added intention of enhancing the security and ease of management in our deployment process. This adaptation positions us to efficiently store and retrieve these secrets from either Vault or AWS Secrets Manager.
Configuration Pull Request
Make sure that the following steps are done before merging:
[ ] A SRE team member has approved the PR if it is code shared across multiple services and you don't own all of the services.
[ ] Are you adding any new default values that need to be overridden when this change goes live? If so:
[ ] Update the appropriate internal repo (be sure to update for all our environments)
[ ] If you are updating a secure value rather than an internal one, file a SRE ticket with details.
[ ] Add an entry to the CHANGELOG.
[ ] If you are making a complicated change, have you performed the proper testing specified on the Ops Ansible Testing Checklist? Adding a new variable does not require the full list (although testing on a sandbox is a great idea to ensure it links with your downstream code changes).
[ ] Think about how this change will affect Open edX operators. Have you updated the wiki page for the next Open edX release?
Implementing this change to enhance the process of retrieving and installing both the decrypt config private key and the NGINX SSL certificate and key as part of an Ansible task. This update is to establish these secrets as variables, with the added intention of enhancing the security and ease of management in our deployment process. This adaptation positions us to efficiently store and retrieve these secrets from either Vault or AWS Secrets Manager.
Configuration Pull Request
Make sure that the following steps are done before merging: