PLT-1491 Add mTLS env vars for worker #1667
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…to ab2d" This reverts commit 3eec5fb.
…ronment using scripts/tls-certificates/make-ab2d-keystore.sh. Add keystore and public cert to each environment sops files. Add keystore and public cert to environment variables.
gsf
reviewed
Jan 5, 2026
| /ab2d/${env}/worker/nonsensitive/bfd_keystore_location: /mnt/efs/bfd-keystore/dev/ab2d-dev | ||
| /ab2d/${env}/worker/sensitive/bfd_keystore_password: ENC[AES256_GCM,data:i5nMeZcvmDbAwwhrajXPJ1eTDOevQGkjrw+2QlFSlOk=,iv:yRbDIJiGLtrEt1klFEN1fz1AKOTvRbN+FeJbAyTVxnE=,tag:kbzxuaLiON9Gbi4KDHzp2Q==,type:str] | ||
| /ab2d/${env}/worker/sensitive/server_keystore_base64: ENC[AES256_GCM,data:yiF7fbawGgnHQS8zIu+S+ZcJbnMZ2/M30C/P7o0nYQB84HaG3Tr/CLBQnWjLledlrBEtbL3+bv9StNzuKnLl8Jnk4oDpVXoiClLKyxA0BPDUOFoJtO4UYW4XoYHA68mQuN2/qEl1DdiBFHBbBVtYFZf7DFO9AFrZOp8rUX//jPWiFyhbKzORH06Cthro6CXrt+86Km7MiTcOWzgu9L8fYGj2slj24VjvhuLurW6qsUJA7CUuwj7gPuMcmzogutvwoynW+/CmcGGeHC19MeL1CUFPWb2gIr29vh3WnV7xpOkd7gTpaW+7mHK5vynq7hpYxt/PbuXSeJmSKaAw8pmpBLtypj30W2PZqrX1qWomuv3bVo+DfdrS9whXn6qTqbzGKw7diAtdGwF3oWlwAk/fk2DVA0glHXNas16/IBDfkIxMxNmEdMBGsMxgkeYV1T8okA9TutxOiWUIQ4oESC06TiAbGXu3iV8Q7g2USqhasVCR5qHutGhLGFsbPMq9RLmbxqo2Dz9zQD9UvWARFio33qn6EqWWrzx1k22am2kDXxJv/bsBg3y9yojhJI4Ygxt0nLcEu61HFfIVOTl3g3A5ZmyWunLrMlW9LtF2Oe2z6VdVuGp5VoIwcAvK2htXmHp7NqbmCenRHZSkegbMN3TrzvaD2HoX+PJ9wCAN+bzd1a0ZXGstjKdbPlqW7ATrViN+Kz56eC3/Ee117bD7MPsDMDl6x+G6cy0IK14dwj0uNj8q6lgpkcdtix1wpxTfS4HUpUL4GDKHpsZDGdmu/vijcg+qffA/37G/UDchobpt8uqBwEZwbAHsVUeHB2lBf8ibsB0F3yBm1zJK6y0HSn1Ft4Jq93qd604/+7zBXHrd8c6iZMZJy78lQzm8BJU82xlvBbNPN/kDw98dizfdmTRhp50iUeSk4bmIZkyFaJo6VGdFuA7iKh7MzrGw6gHdLdEHtU36+fhGrrXOwnfAt3+V5OljBMj0TWLvMDhHxv2HQSsKjxj/1xgPDZmHh4HYROPJiLjQgnHdxqpny00tmWtjHBZ1yzvDkw9c6RfXm1GdfWxcZ6RVZVXXB3q13xUXCrqsDpCOeLhbBgw+bnZPAs5ajylF6EWSvBy6ABzTUMwtwYI3gRXJRXTeVaM/+nuy2Gr3NGXWlfxocW21yWdDK4Hjec3gfQohz0yO6IeK4YZfyoX2teTb7AmSX+B8+GgzyFIeFsyKmY2bC9scPABwIAuGpkZJUIJRyq5jW7nkEAwDlgv9fuza+FMnN2y+dH3H6tEzJ/mfkD5LVj7eV8xtM1nbh8sbAC+Pwpap+Qo5Etk4ZnKuAbcPYASuZFrvqYftlwTxpc8yZOc5cS59vg7zEe3HUbSF0OZrPeiDvlFMOEPOrYQouP4e27W6f9v6EYtcRwtaMDK2yAeAg+COyV7vjl4hpFgBGchE3iN/ZXrbASCCjqTFRN+/hYa4gOKt4XqJp6mEhZjh4lUgRBw6AaZxVmXvISW8gRG2ET8xUtXr5NL+p8UBHNComwtd04e6RtbAjDTFZ7T6SSWE7UWqFO7Ndr11G1rydcs4G1FOoNg1UUw9cMJt2BDoKXJ/kjqc1xT1hj9A2y4iEOLg66slQLYsSeueVZw3/C8kK2PWvOQzZpCFyNrMVQ7XvdgrkTN04hZMLCONkF22BsqKPofY90w2h+j0aLp7oST09PX1ScORj4cMNkEcV1Vb68WZKhfVyPpcpEYRE2E5jdr/FvbzfU/Z1fIgtTjJko9/m66g+OrfLbbTLClT81M4b84zWTy5Qj35CFNsJoaIJ4cMX6z657Y+/Q/NOw3Prr/TNhPnTM2aQhQceV80zwgHozW41AdlBP/AnaQsLURNk/xD2vKJDzNqEkPUon+eaHGHjGWFGjnJ+V0EqKi+TWdTN1TdsnR000zbHGwvDdHxDYn8jDsfcCeET4zVzex6ie4rvCvTnnJPampTb2h7CMh6gcSfEMVEaQnNjIUFw1rYCy4oB1MHZ9QmJfm4jCHPSDo9kJFRub4OV8p2+/3LxZMkD7BQjo/Eqml+ZPd7FlmcuadhqVZRXZQu7RVw24QWRENdEHrk1bfOMqpaEdr9JA+B3QGAh+5vcpOx3Te9FLfhr4u+UNAorn0MWFWYvmilbCpxXQb2yslZPSzgQUDrSuyF8sOCyiIiV8711ML73l206VST7k8XssKcO4U3wUWbibVx24AkucHs79duriMlKR1M4z5yqz0jS9jBVGpswt/9CXcLbSe0X64ZSVNutIosS6TNCAQRaoXrWxwghFyAA5r3upRZX3OJiRbJ9ZC3dOPn6ybPFv0HOvCm5lQ75/POg6gPgv7SlDeJePSfOJWXGlmXiLBuk03zO9nVCua8QUR6ifGvBJwLxseCml6ebldqeLtYTQC3m9d2Gjx3y3a9BCwtaKSLBr8hGNZHWn/TSng3n5idwNqOkmb3pGF2ae7TMbvUVdk4srlvno9dg1zgEGJ7+nueN6npJs4zOGLyHGrWDhoOYdzaVG1+td9UYj6GpXlcyMJDiQzG/FHJ434+8POTb8W9JoWqhd882JJqPY22ghjRwYmPampQt8a/htmZcLABHlatl0YyTZWz/d9DeRmDsGVQsfBvgmFmeLvOtlO1TZUax8BWROkiOST+ygUn1RzkaUpuqDCmXVBkdJRNviS/9hqgaGNBn55AyDsSmpdF7jqQev8XLqAeOyHHrSMLansLTh0Y/pjV0ZqpNVBu1vsMsBsIcWqAijWCKoBI58DixarCAcTC7QsjmIUME+P8qujmtJO1KkOags/OqDwEG5YzpOwkbQWbSIPqMiKM/MweKPL9WLzxTIsFGSkGoPERfCriMOATH11/1hJ9hv+TvjaGsLXcrhWT3v9+h1I+W6OGHYugCOi4l1haAKJ/b7j5dehdnp49F5i511IdnHZKrAC7jMpia130dkC4wQam61BufdSJfd2mNUVVkAYqO/XKa+oHSKHx5paASSfPLGTkzXFCwPiFQn3j6tiSfqj9A0Kzc/eLFUWtaRtMp05n9XkeJ2KlCzft+npJbLgt+05uixJQr0bQYtcoPvwsC049zG/hQupO7lZgJ9dilHSivB4GVgG8YudNQjRK4yMhj+aj0tJtIdTMNkC6O6yUCAJaSMjxr3MBRJGnZXIihNs+ZfpBejsRYEq4rh6vvOzqQBMcrROYfWDUPe0TvfuLLxgL0DU9L7WHPT2yavx573at0cuyJNcM7X1oFAFzr6GGlupG3dPpkqpDmigGAymj27c7Z4VQu8ev0M8IDf7YDCscOwfl5BZiwhEwduTXc9aLUFu7iXlr27z/zBrku2y6wQ7lcEZmUCO8ovpAfIPtzMPsWa5cyvboEOY05UV/tDh8AJEe7L21kYXAq48G7RqjGn6eE3wxPVQnaq06+DtRQAFbWuZEOfNHnUXmrSomgqzRH7zbRYRWEZNhGbVDBB0xZSWj9SN2/wQNfLOzSg3v3p0jLQp9uo6m6+bBOXWT3H1viGkglhI0gQfLR+ejJ5o3a8iv9Stq9O7Ounj1tMUbkzOsqVoMtLN4UHSYWHns8PyKgTnEO8giMUFTUXvGAFTe/fpzZnbgOXaKFcFaEcAPC14aO+ZFQNUt9vqNrstFZaPVuAAzzygMBSSJogXvTHoWR1U402i6bZ5ISDdERWMYb0x7pCQL2IoxuQ370mVopZPBuLRE2PGdZkjUCcWbi2psOyZ+dpP19jyuafOJD4ub4jKYi+itlFJNlU9JXr2mAhuyZ3VJ+zsvt6kJmxHpH1WTQNqRSr/HRwkE41u/rxh1ER18KY9ydrK28v29lxgK/ofWZ0RMovMGf6cKavMV2X2d4+wouGlbOo9GgL3p60IGCwzOoWI+H15+Pif/fT5mpOXzSdfjLHx+z+QDZGyaG1dAzHEe8pFWY5BzRSHikB0iOcLTGvZZue/jiMOnSZAJ9pl1hIPiexD6nBoHmHicJ8NH36+iDOUvXBkZKIvXocArYoOsOvtSRRDFGEZ3xuWOgn5AXJtnPZmyhlOIbHS+Gjs19Sl281EyJ18IgHBe4La1L1M+PzkqTyl7Fox0MWKPNTw9Tp+npFSmGl5Ulkq28CaSkb6oA7KcyPJOLa70ea63D/xPcicIAsVmArzHCH9rbyHpsx7VUF6FK5Xdu82zQ/4/BxYtkU8dptJouMXZTgVkdLU1/hZroaXKwuwU+Mi5Kc6wtk9Uc8GAAf+AgCevM+UyxnHIaHXVI7azDhFhIaCRZvTCIn4gaVIc5Yu4pYcwOGVEgzzaK+VZ/A9J8Hy7QtqzCMNguDnxQAyHukYag6AvJemWnvbzJQ9vE6uOSwXnC8N4QSrux1xnbwF17PZp7Npu1/lRHwIcPb/msK+oaGUUY2QiGshpNfWmImCEBDtSC19fEOnz/99OlAIi5DO3+8cAIbB5LSB8njWlxe54MlsjjGIFLfmt8wW/ob6s95UOZQn49ykkudc+kkugP62zbmK6uEzdKLzgqSsHaLhrbpmCvUa1G5tLHPOVjy3w2edmlifyuS/4f5hE9ezKk3+Af8skB/xZgiX9PJI3u1oHw307M/uA4RTcKyf0XLkdiVGSr4pWlqs+18h5FcudkH2bAkS/AWumrLXLLwVKPtVZO3KDLMmrsKVuviqrn0sqfzdfxtou8PxLPYh4R7Hum1tVeDiH1LEsgb6BxHs/Ov40TgZymkiy/dTQSDZ29PDqJbcEeoo6dFmnaZg3dKTO8V4hz0g4UU6Cy/CELznCpdVI4LJGfpnHwOX6YrUbEgvlNC/j9goPZyeKB+ndNkmdg32+wiL1wzjJituooxpOwv1FQYPQIx7C5gZTERSkvwJTewM6TWdWFQWKqAgbxFwJw73G1ovMd4AFdBB6QV9jY5HtNeqVFT3TJONxkNqp95YkkFy3hYhKUYbTCXZRp/bjYN4e9Pg8noKrQSaRFyuzWAAvmH2WQobfdUVsD+RCNAzit76QRETNVK2NiSRS4fjUxnbhKLWVfKKxucI2ve2omUqiZqUY0HgXGy+Xx0QvkvV06oaa9iABRJA49sicdOu3Dm6EFWkSqA16uvQplDYy3Z/Zd/YlFENTYywfZRcE1cePFwORyDF7DD7NYgrYcpx0OxGGFx0gO1bLU3ZQhVJcN+vsaJRtodaTTP61Cy8wvDYfWqxXmNfXtQV6tfjhbHCGm6iQJl7NHnB+7VCnaqTkIdCfxhEvzM/p6+R/mRVuQOadEoiG0aTFlTUJMzdkzoCsXzsKxM8c+6HKXiiUkQEMJ5blrmIdX8SWGHozpoWqgiLkyFkvnTqvbB8N95msIRQHdEsfvQGgi77ATIiAEplKFOrQ9rXgdazUDqdyZqXoTitfb032W418VG4XvRQM/xpOxaLVQK6LZvXrZhqk7j9tZO2MZ7E/ROgImvHMigHr4ONJTccse+mt0vEEBAd6fr8X4aQnh0woXBJ2smwTHHTJVtpEOqbGzi/kGlNqa4E3uu2WpfQ57C6I50oIQkjLY2T7H72VOHglotEOylI5KNZDrIjOwDJGAAuMBN9pyhHTHKRQbAeiuAQVPZYUcZS991EDpVkhHpV6B+2jbqmr5llrWSBUag8kO7RLvSUFIeORFe7E1gK4VT6JiFk1EZOarFDzBJMMJazen2mv3Ni1E30XXBkxN9HGgK3/8SEO/PpKdvnvOY8EdmmtY2oACXCb9/ZB7/puLWR8rUANqc+QQzNyYTnA1Wuq6nqbDPjJ+mR+YysI0o4Us9N/AA8NElWj+6FZu74IFiwW+bSn4E1lJiYTRFZ3eYDmg7R44NRRgvg7fMyXXb/2HsgGq5HWNsRRkUWj7j5nqjnPWckGl6p6UfqKV2svuBHUYL0zEbqsdgM0QwpgMCT/Uv4XOc3BDtv2gerNnF06NfIdAbSDNnPBVZBMW8PVOwvaoaKsVrA9XBXY1OsX7F83ayHsG+tN5qLyCwaIObp8i0BQZqvI7aJar0o9DCW1uCWRiQOYTiuQfAeLSt73P1iW4FEZOMXPikIewHzXy37Er18mP7y/AerxbFYWhUBK6ubcv8VYeUZSnnB6q7I6He2POud41zlabglNSb20lumew8DqVNEoCy7I7iae5BloRRP+mCVfW/UF3f99KuoEhTPZOxG1t3m70wq2++QetRezH8LfG3rNQS3zPcEWpbSUv3Z2CADHuFm9WWxzsPB2va2d5n6FK4bprJpCFafJLs8HQi8yE++bjCc53WPxyq4+avoaV2BcE//p7w5TQspZXARTqGZzLP9jdL6mfF14kNwTx+waEV1zbOlumTRCtzrJumSIFZ1woTh5YT+tOwWm1WsiVB2a/PQ6w368hZoVLAMbiZu1jq9Zr84rl4aq61iUOWkFIfh2gY7D7dE39RAFBsAmP2KR6XSteN8sQO8YlwNfGPU1L+eh8X9Tt88tHFRUZc6pPdG0E4n0I6/etPiGgytUaiXI4P9j1TfEG/NGFlnwb+oYmH3526GUiq+OTSL+zxPRkgFYPY8+tPAT5si/IrR3xtn8s49bODjziD9GjobATSZ1prE6ufnQEUbV1RclXDXu4MVJkN+CjqS5kH1lgTk3W7OZ/ltHmwHvwkZuCBZwf5zfHw71S/vQE8dPK6yh8j6/bXJ6rnzjjBBWKy4joioUWSOTJW8D78hdu8LlJjahT9jlqDRaSa3clTQ0q0mYw4x0zX6JxtQSRvxyJa43TgcaL98bSpY2JJlfBYLeUbIeB8pWOD8JI13PAlN/UsSDBlV01/xkwtGfWoq1Gt03UhDgzENQsIBpinv6rcUn7R7jlVrx0i8R/i638g5znxVZqJjJhK0z94fjDAT7E/NryDnU/Lc0AV1LQou0N+ll0td9oQnRlszc6xwvff4lU8lS+F5EKSLFTZUJRkFLHLDmDEmKeKvsd8hW8O9A+a0+0/EX6QMT2xpwdbAGaxwPHugJn8Q6RtljL9tY4TwgYRN9cSizWRZNEuEYRi554rtD+15ZwENJxwy3ewSrdJ3Jnda5m4q8CgAZPBcYlAwPdPvR9oWNl8sy59cXVWIZF6X1z3wPd9TT/FqFIm7U9Gs/SJp/7paIQZvAnbk9HWzkn/+4ngz8PukhICe9HdDeOX/8asZJMJOqI8/uAuy0pWc0QlppSPRJfH3mLQOrUNm89gy10f+E/p9bEC236rODqoufMgqCf3QWAepX/xu39I0GIJEQCZd6pPnTeQupjADYr/Holpdrs8J+l7nybQi1Mn43Yp4xA2KqBfjyHHIAEfPHRNQcuigKwN8lglb5lNGdvVVVohT2tc5JRswnQou34v0zqDrhpyJ4VFh8Tk66gsSc+xtgvLITY83F+2zCbaO4Ye2dpBdLsdTHY4+5H6VJ0o/bhMdpehilSOxbGO7jqaWWcaRemleAuYReBLavIL7CLx6OHIYSUuy7+JAaKTWzuriNFDcWhWDa8LIX0ncl1Hw3jARAJMjSgbsA6peCp/tXvDs20pnplyQkU5mdar1I78cpMP5cWH3nmRlHBU1xRwKqMQAcvFw4WksXXjCsDOqZUs3qOPFxIXkPSw0Kz4quCsqPQxIvfhWeky8F1osXD3UBa8J0OV1Hh6s7zAGa8pu9Sh5hKconckTiYu6Ci0FC+svzSsHqbCA1I/zjK8+yejZiE5JmEMpHa067Abl+J9+ObdU+6vQJamFsDy7o6+ClVi+2Og==,iv:/ihnqcQwfzIa051hiL9t0SQADf3DFFBpNtMx+VPsrfc=,tag:yNJ84p+wYcjwCBl/NKJPHw==,type:str] | ||
| /ab2d/${env}/worker/sensitive/server_keystore_public_cert: ENC[AES256_GCM,data:oNdzlemMB6rQNtYjQcL6sCwoXCKNRuHR5w9UdbOOl5PXwOcq+53Ip+mjj7ZAlslLnZ+N7jued63TAsOR1ngR6tAtFIWtCE5s7YmHYN5yKXYgbFp7Qzf18JFJutsrF8/Pr6wp5MVhTKrObPGpb2P6C6g0thqVXYoZkUVfQkLP/q6Bcqxcelxp99Uk26c0t+YpqKkgm2wsk49DPi0oIPDiShRJ0aK04eL5NQlgbkt4ip5IHQcsju+aOAyWlM0NSwpxTYnvpuRXDKNUKv8+fFV6vsRXuxj5pMDm550tSTAeRt0ciXqY+Th6wXWq+/DiIAQ44XrW7uLX4/Fdev+T7C21d1Hy/KTPInkhXkB8bUiLQ2uvLh746EGMaNBMvA/8/NVHTo3eazSsEN7WUs4lX+Wta+MRSNi18OEnwl7AcNUvh+VOX6izZ5DxVr180KpXyxSFJvaB12W8rFdy8c4wjX3IM/1n+oFemOoY9XLFOhrwFxNs9Wh4Xjmp9g4c+yFQRoTO3cssajN0euhagwox4UN3ZZ/DPN164Lm5D+tbP8cVo7sdxk6ycybLJhTNCQvO+R5cnydKT8u6pUnVGC7i3kvPZovzCCBPUuTxKA/v0RkzHOCYdarY1hDpqip9akVPrAVFk3TFDprcZ2Hg6Fqt7s+wsC5tJ/a8LdKmIi4LZAUUh17Cbn5NrgzAHmuqVUBNs+VOgoOmEV8fW1Dc8gczCc++SXWvtMYfNpTsr4ykSCr5Ysw3CnyXifQuBihA60d/vXSXQoFr28+leLunDZPsV0DClbGTKZEQoJRPXJplkOVxjoiAz08SWrHo8ZfKh4zrrlQlDn+iUUIeUejCVwhFW07O8UUnWbqXqR13fRetmINojnRzErDZiPP4LGLzQb5/eFWFNNNRxb753+SkcFGfPC//TuffSusNm6H7KR40Yld86kN5P1+yZo51tfnqYFGdcnNkDN+3qaXbw5a/6OVon5veyZk4cUVVeI7Xzq1RudodS7X0ASgB9SPIakAGDgknGyF15S2n3IKh/8iLDpBBjvtqhzKyCxJFJppqlKg5kvlQyXiKZdEhMZ2cQmJIxeVW8fjgODZd375doYWzzrOXAnIabfJLhgEYjTLjliG8WrPKXXfTCDs266k+cHkDzVcqKtAj4o1wTvZcNd8q3prFQ3Hub+qMoPzN4nnkwF8/SNOP6rcEK8pYpieJNkzAQ7oyoREO4SVAAZMJ14asGoP31N99THO0MdcW9mFtXTwSF88L2ZwYUBajYSM+sFONAZwCvDWcEV9wV3elqzG+GeqQXjm//M23WeAJttKQZ+U16tMrkzd4RbbvZ+S1g45lPTAnb+Q3iMuuYkNtGJtuoQFnzGMc0orr4nWUpQxXhEggu27LWZztvV8PAB72qzXfsbIUEviIxG3PYlU72x6ew5w1l8s9BvGcEL7Ek/ch3mYkcjn3F6rC135VSa3M6OtDd4vuVEGCMKF0aagrvy8OfID7xQ9A3lwszVmd097pGCD0MQTbfq+VicGD7wyZHKdAUoTLp76B603kPB2dpjZYsmTnsvpPJUXRm20t5y7uQUjCh/y7UIGyMd5OFzxWP1P+yPaq2yp+zDm4057Izwx7unTYHC0+97ytMg3PQakskxQkfXdEYRFOoAf3YidiQZWW3rmQdA6Hf+HdywDnPn7QApQZxJbPCoYr3l2idK68jQqy6Nmmghwa+nN1lwSjgJRuLCQ3taN3n/80nRflwVsWsCB+ipKCOCBzCxFTv00mXd0Atk0U0z2kTDV14lbWuH4GqD8YxTrrHTBqRDWghSZhjqC8EHxIhrKUCncj1T6Q+XJo91XNCcn3zlr+hVIi5yyJ9Qes4/7qibxilyqLGprb3OzZ6jLSCX7tIQ4kdXsZpOSrphyV3IenZAzcSS0PPvle4M8swyfq8qmymIC2Vf9e0JwXYPsHGxsNpBWKdTNJcOYsPUTdEr9mEbtVqB6xB1ay5QE5JR+BiMPTU2LrPtRald1A0Waav3OjYfc3q6/H9zpEFs9pA/bj6ERx7bLXZZIHBuyxnl7IJxIKq65M6giKWwWe83jQfLB6JOlGvYtFpNWHd3bYMiaiqhl43zUV2PGhdvwyTSgTcssSAlucKcLaEFQYNrM83x6miwUQXU84hdKCpluKnw07Z5pK4HYQSFQyBXmJV5JkxEhJCwPRLH0F6QCqEoO3kjCWL2UXp9WeNoPqUoW1b9RWuIr0qso0BbPiYBHh/VQVve3ZkPM4FPHxvxGjPyqI8guz9G3W5lgw02eknSNrKdzii8vvc+R0fyc9IeINXblYDCiD6Mt2WNhFzejpiPjgjjrEUhf1Z4OCwniU0vpDd0x1f7uHO95Wu6Uf43kbBlPPO/4OaM9A4uJxr/mlErfdqIlSinTQFehiXSwjc50bAB26HopJB4WV3gX8HK1SmRgTOeFzmw==,iv:DfzSdeLV4evfOBSNrDUg0WHy3to/5yTuRl5hE/VWON4=,tag:sk1cMRjezZmJYSJf/8LGYA==,type:str] |
Member
There was a problem hiding this comment.
Does it still make sense to call these params server_keystore now that they're under worker? Maybe ab2d_keystore or just keystore?
Also, the public cert should not be sensitive.
Contributor
Author
There was a problem hiding this comment.
I'll make that change to remove "server". I made that var sensitive because instructions at the foot of the bfd cert generation script indicated it should be sensitive. Shall I change to nonsensitive?
|
|
||
| tags = { | ||
| code = "https://github.com/CMSgov/ab2d/tree/main/lambdas/optout" | ||
| code = "https://github.com/CMSgov/ab2d-lambdas/tree/main/optout" |
Member
There was a problem hiding this comment.
This change is a regression and should not be in this PR
ops/services/30-worker/main.tf
Outdated
| bfd_keystore_location = module.platform.ssm.worker.bfd_keystore_location.value | ||
| bfd_keystore_password_arn = module.platform.ssm.worker.bfd_keystore_password.arn | ||
| bfd_keystore_base64 = module.platform.ssm.worker.server_keystore_base64.value | ||
| bfd_keystore_public_cert = module.platform.ssm.worker.server_keystore_public_cert.value |
Member
There was a problem hiding this comment.
Because we're using valueFrom below, these should be the ARNs for the SSM params, not the values.
smirnovaae
approved these changes
Jan 6, 2026
mianava
approved these changes
Jan 6, 2026
gsf
reviewed
Jan 6, 2026
| /ab2d/${env}/worker/nonsensitive/bfd_keystore_location: /mnt/efs/bfd-keystore/dev/ab2d-dev | ||
| /ab2d/${env}/worker/sensitive/bfd_keystore_password: ENC[AES256_GCM,data:i5nMeZcvmDbAwwhrajXPJ1eTDOevQGkjrw+2QlFSlOk=,iv:yRbDIJiGLtrEt1klFEN1fz1AKOTvRbN+FeJbAyTVxnE=,tag:kbzxuaLiON9Gbi4KDHzp2Q==,type:str] | ||
| /ab2d/${env}/worker/sensitive/mtls_keystore_base64: ENC[AES256_GCM,data:QnpifHl55We65Bvig8Ca55Cou6ftFVLRzH651F8c/by2QaALSpt/Y/beFE4RMrHk2vMA5BXJ4Nr+DsM94Z8Ari7D4G9fy4DnBk7gGS46BFAqstcZ04y4AdpafXikqSdEj80Vbhke6RJjd/P1fOKr6fPWuISdWDY7/FHmAbrFy1FJ9opZ7h3MZp/6LuT2SONEZ7jYmaigKY0OToAcKvthkvhToU0L8cbDw9yBM7iVPf8s937o+kx4IT3rKX8SkiXi4lTpJFfeGcSh3gOXDOQxxhd6cdovgfcOD0df6dwKvGEHWsAqxoB7XHEPInZ74JTWrR3268cYmZZHiXa57HG1wpgQWAkAcg93hS5/XSomArGg6JjwVLS695ZPNyX/5gdQZmDOOQhb4t+e+tD4QEhxzbd+rs4Wv4jvsjhczvxXAJahxutD/LT9joGtkN40Lbg3ofg2pTlOjiMcqqCYUgHaWD+Juwr3WfiN/3oRLeO+8yYD/XfPVBLChdf7+5FVfCnwcqREMVn3IRXloo/Ldpj0nwNpXGcMPlhSZHDJ3GlgetPWHvDKHOoESMspWR0QjG+pMf5tNo0qpkvpyxwAqyo8CPwdG1QiwedmXOXP7+p5vVvZw900xi/XfgdyGnzLjr/G/vFTDlTXNaODhAL5tdsOYWe85q7SurpZYvGgqq9ZAH15qZc1G3eqSZynEcpa9+8r90NuxatLN7LWpdcbU5LRrnA6a5tRGqCC9l6Xf5ajDpQaIm/QCTNCVybLfosukASsrFGmg1hoR+rqrgSPfAEpOJ9Zs/OhdUF95+neB9mzekLN8fmpWTCClV5NvZPYEch+qb19fr0LSNqplMy81FcSdTLOlJPQ5AERS9yBUF9w6e2DSV3k3X9xYY1zpkDyA3bP44K6ERIEVNVfaVfFSs21oCO6eq+JYvso9pdQDvZQOoVvPlNKXigRaBtMCvHbR92CBgk4inZyGm3v5mMZAvlbzXEegDp1dqOvczCh/npSoJR5n3O03ipFnYvF6NG9Ibn/tE1RGrPyJ+w3pfo3wmQdAO21B5TuCFlOPysmNg+oLkODuEB1OiA66n6xi/al6gdugfEQ/SN6hycnYxGigtW6FGgbb/R5dYCCMuKnhWroKxTsMZG64kZZIjwVg1d1xFueWFzPCgbEewoc1nyWVfsJm0XAASDApMKa+h2jY1v3F7tZy2EDzWHYFh8iaBfxZ/GQjs15G6lmbHbQ20IKN9ZDM3PKI3vEqOBJo7CiCLOLoAoXVJv9+bMFGcieXP54PMsblXsOIuypQJnDxb2N97R5aLUMiPdpROH56rcPHaG4Vny5Du4f4gxFIt1BbTI6BusGIp4hRmGF8jrKjvEkJ+cDNfFaO6XCHc4jG5J6W/Hmc9sKdk6/MMMGSJanyEee2XCF1E0YYUJ7eYxyo67NWvM0dvez3UJBDpwEEimfujcmRVrSYjj4IE5NSh8s7OrE+45SnUmoWbTyAyt9odqqNjqdv3MgxYQ/55YB/iywIefrL/p4vjy5Z3yrv/B7R0Upto4g5PwfGCsWkyQNEncysBeBk3XiKgeFK8xdE9Rj6wqzZPNQE0758gXJDFc8mu0bcfdxMfK+j2NRwJ31kz2WMkzAZuKudNS7XI/1ez1+mtvjOl9feJYxayXtJQKrWnso4y8nKfLo1cDRg7L3rZDb87SdoIoXL6LlucNYGhmL5frgLV86VsNHDpxCOKOt93N1j+ZxGi0yERhV+rEz8dNKvLL4MSk98MBKdjRA3HE4uPqVzOAyxSIk1Mt1Hu1jwbyrUgfaVptZS5ILb8p4IYqh5xqJTrwdU+jMRu5p7R2IfpG98HmTulsx1BX+sUAqREIm0RaVW3OOF1AXXIZHoNvVs2noW6kwc7JafAc5fmbApEsyjgbFTG0K4fcQhjC1/RHvfVSasXeVNoflb3v43l5L4Hh6GXgcielOwTNLc0W+kaITFdwFPaEBtlHBBKl9qaNyWtAh5RnGVBSBC/XON307xB3T0scwsqB4mWDODU+zIlV6TS3GpAHL4AFC47f8YZ3C167R346DY6h9KKDOw4Mn1+Phoy+I6W/WcpwSUcgE8WfGgx8nexQTtxQ1Myp7JJa96O3gH5LfO/cy8V6V4Uiq9i6UD1GK4jvgybP2U7FvaSA+jmcNEXhcN8eNuR8Vet3MnBS36eg6buwaq2l/4N4dFV0xL7M9RpRaWUcnRfEqu/TDaXsBAFtxMULfnxQenxAFLUVdBzrFwWaPdeE/A7Gk1kA+zXBIT8okzJaA22U0NJTqJGQ87eupXI/tHBK2HubWvkCTg1WTJSx8PeW0gNnp+qXrQ9kVj/gbFv844F0JyreaCO+eJy7dFfKe2iLeKKIh1sgNWwDK2tolNXmYoRw/h0IUMy+Y8QUCLCNCHtmnBftHCVX2xxwAwAXEDztonUnTtpg8wDEkqavgXtw+We5QDysNt5L2QbWzAdNpTjiqpvtSasdj3TwHmuHz+RXGisQ7X2hSutd2xipcmksN6r6pd7xWgJQ9zeOXrQzPwk4kCSZ35K+WtMtCP7tfiONrBEBaf25u1I8DVKgGgGtIT2DZsrw2yBiTBVqlmLS6oYjwvUjEYzBeq2cM65j5dCRJ87WdMiXguQTJWwdxlsJbVooG4GKE4GM7Qmfd3h69YnrrDkBUQmLtrZ/5MbzGBsaFkNuHc2XSOW90/L1owPNaa8mElvNi8eBlhltn9yBmlfN21qEv4vSn1p4TBLA6DxGIjJjwGrNM4QrvoVjlfJaO6fcu/8g0ejw92mro+pidH38Bx/hYGWvUg++CNGaegXjzHYYaJ0BDuvTKUiDf8GJfEsR4syXNueU/skrs66YOcEWwFqxYxKBkmInwbpp55Eq1XoQbRJH38I6SwdhyyaYQ4t9hMyGVWz9ZSzUa733A2KyEXEh71epDnnmEo6VZjGWexgK1rzkKRKIMiTrnQaTik7icm2ezuadpab8CYW2OhCfYojudOhqaKEm0j/98bSzK47j+aqmAfE0IQVlzZfaWgxLlt1Y14CTXrzBHFleuTMK7VjHMiZaQ0H9tehy6UOxhjkQU4U78GKzWDeGtMFpl32QRQaUoPlBVTKHGdfe4NtmIDv7FeiMLGJqCSeIsQ3tsD5G5TETK74Z6VXFpK0M3Mg9Fhtjy9KbbE9VFWQXPy2c5QrMp6FFkTJqa4ydPHt33iDTRDfCu9CRHApZJZ9IwNSIQCwWL2FcqGdmV3vX8hfT4CmJ/DnvqqIlReHlhKt0Ke4dGZ4IvbBy3Fiq4RzYzYZYF4os5Rk/5P2HqRYXsVb337tRVRuuKS66/XZpdsYo5AqenpWjTxH1uB3OAVRQcO8KiQRLU+81kEIV7F706xg2NGGMG68q/59ApLW1uqxR7PjCFV+zTPiLz2sfeQ32gELh0f6SfdNR52yvAFM+giIqhJmw2m7ZuGvodFJSvVWrGqdv6Nb/++igHvHXi5xIemasZpknOoMcTuN5CHvhVfpDHdtoLobhyVPIvD/ozqM1SGS7X5tEhCcqDfqRPFT3utc9KuHQnYAAlUKYdpep9mcm8y1IUJTKqBNovm6BZV2Z8/dJknvuyKXEQGZrc2B/EnD8LcqtC4foOAoAN3tqHpzcVOclwv8/t6+4aKmNSCa5+KuAwjcQrY0Dlo1Iym6MF/Fkad3MaWZZuDxr+Rcmg8iASeFEJ3vyeQ2HiYPWxV+bpAuiFB/FDm1ukzmhMyqJfHXi1mjY16iOs4KDtZ71HyUiSyZlLV5Ehs2KA5EedcGBVveXk3i2pPqpE150ou2W47kfAdIFHo7gp2X4OITflqcxF3rX2LpG8DxYpiJ0Cas8r9BtdefllzUcbMVaTff2qxEWu70dL9elT150biI5bS1mwezX+S+YANIDf1WbANDfYxb1XJ8uKLVLikF4R0Z+dHE6yLo2lIqQmGHl8m58zxdb47ZtdGhlDXMD3qPUuWISsajDYzlOlj05TTPUhu8xeAZBDqyXwTK8ON3X7YOmS8CZTPucGhsRZeVktVkPlVQwv2Z0B8fitkTP7o4URskJiIIRDGIgKguIZDESGoVCv1e5KcUc5v8Uf3dF7oTYOdoxJSXgZ6Iei2YZJvcK45ePEZ/8NGNI0K0OBmPXi56edLRzku2QgpCcQw9AuCIptsaI6dYwXOe8MUPFakNYFKyVOE6774eVBC1xWmmH/K/RkZewbvirQgIfcM4XaM8Dkg2En/UpwCix99RoKWX2NR813LOKubXFhyJ0XCGO4N3TsGWRLoPcMeaULa8Hc4CqyzEOe2FgMVDeRAziAJaIXPkycxsDNQDR12qe2Ph2DjvjQps4If/yAVtA1xp9GvA8ZUToLG1MpFJ7S42lMFR5ENqMACIPUGNjrfYNgl+7sMxIay1Mq3R4P9lWL9TDUl0/auVIIuswvFIext6RuIpadEkd5b8Gp4VGA1Fd91bFWhAbt0fNFKNlptYfVE/1ZN2aCJNtJdgf+G2oXzhK0zXawZuKMd20dGCJQxiSNOAZ6szPoROzAx04Ij8xUldwjYAg3vaSTSS/f1lbtMHXbm49yhnMMG5z75476zdbX8/GCshe31db/Bk72ExuYS1jfIMzGltIDOqa4I3QXNbNbkRG3wj2TWNPbL6lDiVTNY1osmJYkiggoN3A8kh9tP89xj0jqgs7gfM4SiRGEWEa1HV9JGgLHtyq0DOvW+B1735r6S1b0NJ9nYrQ2S6UCNHahWzWvHciEUgnAsQLBLo7PNRd7d3zWH9SX87cC0+UZ6t+VwNKxxW9hUs6YtWXWp3u0Yyl7DcbG1O6hZCcG81R/1nunPW0bdUhuWnJs19B86kF0v954yOmD1Tf3x5SXgW91eFXlTOMDIbVjcBadWhi6R/DzbHdsRDuhrgb/qWnO6Wm+f6Vp03HgHSzbktMW8t0HMO6f9zhuZo4CGPo4REzYZR3dvxywv/bjIuBOc/Emp/wzOeraUSxFDBa2fv1gsItH7j7U5EeU6n5CgPJCJBpM2f+kPfFcm/R/8V8xSqTMK2j7SVgipASR7pOUs92tJGIJ2cka+Sr5HRO0fZI3Pi6r4hxc/vZ38T8rv/Nf+kqlapHbo/ruMyssIBO2XfCYuiCWPu6eM1hzOHgq0RWalQCcFwdhdYN0d0dvfyREDNo5q/ivOADIwxfsrFF4RqOAgVlNVeSLuQB1t/WBiy1WSWkjWAL3dHUhDT1yCiJb3Euif0XRFTHd3yaAg15p9xyYR6xZ9Z7XmMsSV84WYmNBoyMLBtbrEBZJjie+7L8SPOeU5pRgLJXJSyoBs7cMQOx3cM4BdyA/KxYYx8Dhp09tIsbtNRn4nzhYcRRQSdtSwF4+KKe8ASG4AwI2NfLXXapB60gkjcNSU9IvgO01Eb/FQYYFHEv9E8D2ZS1Z5RZ6swFQfZ+oiGqC7jDIkweZanJ51GO00LmUXidxUsEAwY8OCo+LWyZzoxE/aLUt+7IcIUuhGynDW+PMkv4qtgnDmnXiujYw/p2kxIoJXDshmOC6zK8EHZ2M4uzy0RoAcOovJihPBVRuWM9S88Ffymdi+jyYbdnvgZ48eTfCaQeIHtUJjxXTvUrsKwfE7P2rxYMDB52ZPctYS66wQZyANR3Xb4RQ8nyehtIhZoaN75i2V3dMgc/lMgnN/VvnjBrOAlBdsaA7/lVWGKtWgXlusbOIPltKD+vyJj/hjiQJjmWFNHf79GHolM4oj16cc11aFbHdmKKZ4swu9j1E9+ShxYwGnQriwL5/wsXy1HO/F7oZsJv1ZPO8R1JSMjse/IW7Yh9H6pjkB2pMXyQLe9rvl8N+xDglEtsmvCsWjurGfj6a2b3/i6rl3C8GdmyeAfdi7CO0M089DICjk4T68/pNSP03FSzgjefz9CWUdbj89/nAVVWBg3iG7rQokkVUQzRo+y+GIt8H4TwH8EhNW1DoUJ2QmIaZwgGGRXJsWholVansgnunrE0qnh0l6lwSEk5eusrPztF5lKI7raDlPyeO+EgCp45LE/8PCFspWu5ekpAaOHa3MvWmf+ubx+MGLyxyaYYrSxPfyhfjaH2iTv3UvaCw7HmDdjl4Ykx1KCfcemH3wmEf8CNb/yDLaJBHOuBiUTjLo6RAGLkTHg8PjnkIGK+JSfMIz0rx5HLs1N/JnZhoJCG0eu2sYAHzmR5bvFHw2Bjy0AjSpDNzWFvE6Z3RG7J2mL5BVuwD/fz7SnUU3vM2jtVBHUh7l3CSUVG1d1H+0mYfkHgO/6T2ATdmaepx1M+seidqeuAp6Wm10thSgbBDByqZf6Kckz11nfxdUl0S6fjhtHhMhnfdQ4AK/950TYZCmHP0GWgXCBL4sR4HdpcYVpzpKRGb5Jowm6SbTXrgFMX45q7wGPERsa6Mp/kO/EggyHRcLRzl/TKJ+W/Rom3AlMsmtvbg3PUXnRrG4lp4MN7UpcntbMHqF6blUJfHz1QM7fj8QhO6t7/q9G/0RSjnMjI3bgqhRfpQTWCUfoslPT47kPiEpjAsnohKtFrjge3XnIzfc+nUWjDvasGLIt5xGMQ5Z9rfz6bh4KGjCGQvBZbxEsEMXPGwTGJpip4YRk5bBXgFkOck/aXNTh6c8MC69/8VZ9+XdCou7SuamSdlRT7EWzLZQNzzxmGWaksSMrbcYdzOuUxIOqz0rDsIiRnwGGfdbBnkoSr5N4e6xKq+sNBFEbYHg+bnH68qGnsTWkcW6N/3ZuiPJ+0ReIhfg69BzmggEUyY6jH/V52lYZB3PbQWJhxrBawzKqOPkxsrr0xPtT4WmpWSsTuS5enN7Na/SMuueLQrSd7VVPVRHFyvetHda62gaH18Ka10sQrHoTgH9c0aqgsEfHkbNtTZ8qZCNxrDC5d28OZj21FvLzJ8HhkjRGMMq+/P/S0whQ0o/4NG7L4lvnzO871PTGlFDAOGnf3cn3T4uSZdTCnGWBho2kRLGGiOtijlZVEHRaMHs/R6TTpfTGdbzpVfJsxYcOQouVAyJ+orzybDjRuFf8pt+xgH98sFpRaDADSKe5hEME7BRB2d7tWmZbp7a2384GOxKGJfoL/gPmtsoLwmeIfIP2N6FAoNPinbX15jaWmZd/qXt6+2GqYKYM7yIukuj9ajvjd3PtzaHqcjqJfXs/776XVMoM0yZrIv+w0U/qmQYM7A6eDc43sdnmmegBOpAblX9QrD1HWmuYoqyE3YY4WkVz/88D66IYwLidrElaM4pqMvGDS20R0/cnNV169LZLCtS7BYrROru2h1An/6M0iYFoudeSzbnCetoYJ+QW7llEtth+hH6HDarMdmombSeSIcFnpAZwdZXB/OYqRfEdJUqu0gKSAdKs2WydYdu+FIr2sxqcHl9ncXr+rDqJLpK5pNKiYTMYnFlGEsWKRQerSgSO/qqsOyY3GCbEUUadKJDPeuYJv0mRp+YiRiuuKKV1LNao0ojkVo5FF4/Kqw9L4oeEutEYH3m1yHQ6pKXalkom/kzXzFiQBIekBluUPpTrxxAagtp18T3+7xDgpxF7g+vvrsPSjpQPfro2cekflyftlxC6+xs2CqDB2vsuLBXWuzdyerUrTN8/CCg7fpJ5POg26rOsCyzlMSksgJq/hgGuQ0fK3nSnIlPLka55ahgwjyCdhK+lwAjzDnC2kzmDYwPwdv7DZoqv6KrTJVb7UltxjFbjno9wNx6JjuZw==,iv:X3p/jlapdBgButCmq0Z6dxkpDAcXh+Q/H1ho9wWiEd8=,tag:KLm1hHeSYFaokKiSO8BYVw==,type:str] | ||
| /ab2d/${env}/worker/sensitive/mtls_keystore_public_cert: ENC[AES256_GCM,data:ellIWwkptBBk+k/6+agW5hJok3Unkn+LGyh7eemsYD9RP3ZsK8Sd1rVqurbZXkuisF5bwuAfAn6agPkYkWnIrUJ7rBGJ6WYp0OEHo588V+G7YeKfOvObK/CdXeFHdaKPhyUwRGN3Nh5Y3Uxn2AiYPA8jxz+txbb7yU6py7ZFlJpxePtXlUJR+QxHnP1WmdqxWWffupPrpQjyGEsg+GnjZjYGq0SyNogkwsJseiQD7I1ebbz/0BZQvsa4tWo6LC3Jw4yqDGP8D5EbIPzbTKN8i9JcRQ50JwyaIFcXu0ml9mlheZmTCgvn9P+d6QILWtJ9yOR8FE4S0H6LM4SUggPMjNZ+CHDw+CGw2HLY18jzq6Kfe88ajGUP9N86wt3U9+lVTvTI04XoUx4EpvNIER8KmChBKRHZHXj16KZT8ksiIEXON4nIjKbg0oz1b26J+MBZfdBrqbi99DeeKheXoSQHRC1UE8ZE5i6PQEFD06SitEjb/qyz01/CAVtlgIDLA7MWrFzdDqiQkcpGRO/zV4w25+vSUoaHxMCe7VAmTVp685kOkX2vWGpYuSU3vW7A+dJYj1oIqv2IRotfa3FzjOZclOPqrhhQ+hE2WZ8d9dzNwmPqQKa2IRRWogNLX6dy1Kb9PdwVFK2nOGV+PvpniHreJH7BKCGIhqY0S6FFqXm0AuTOLFiz/w72hvbzEzSbwT7rRZE+bvyZW6LVm8f+S+yV9mXFolAY6c8K4Ly2N4XaOQERB0Ugl8ggb7Y8mUKQKvT5+GoC4G9ugV8F1od9vtxo1oEQ6ISBxSGNBPJRTdhVmsEVpUlycr3+dywOKjbeKg92X45HfPpvz1uVl36QkoA/1aANg/I9cqqTRPS1NnMOVpmxbyNwJlrLcGpFl7kuaZCpGf1tb1HC1XwBzhpiIwVDFBiG50CxufPfPWrn3dGz3ArJBfd3eNnuLEpir51JcjtuXDF2TNAtSQa1pym/Qjgm7m5n2MM5HZwmgC3XhOCJ78l2R44Ok9kBCi/J9MyHupfjzvSE2CXRD7h6hZ3NCUPpWkCmO/oWyHsTSGJayEqcITchvRO7FpF30FtYRTZztW2ZAfaLM+NwNUmv3iuK2soTbZs3XR4YEnPbl2jqOpgHJ+b/KQMBmp8ryV6UNPT3LNq5BLEvjFmTR1dH8hU9T4la4fNLpXBPT0WbhH+vCQMd2/VzkjLJFKod+7NLMi51FodNf0SAJ1rkHnUsq082ieYaN8RS4eKBEDDV/Sq6NOAgri6+aRs+zbC4GRy08u7zMUK5V43ALLbV43/jjItRDmWMAo6iznBbHfJmyiqrm+LAGQNxiu8u2sovCJqr30lAJ1pA08D8Z+ptfNQ7ldGl+l0gUnGjexEIjSeZXalIM9RGQUnMSf1rPDwZ0pS0XY2LXxhn7GwA7OWxrXnuOBY2xmYCuQKT7glk4Q4edc156YyjMut4XcOI1vIC7beRaMiesxWTYLurz8xYJdPy9F8Luc3GdQcFM8FqyIogCkDtXmKR4w8tRdGjpE3znULM2+xRhLjyaTz0ixVQsMiWpMm6QWld/bH4+nn4Kmedp1Ija4quVqVaBHg7WP3QukxPTYu4c+UIlcVZ6mT/EyG8ELI9TSz0GFRToFyCFtn+gU6648W1W/fiyuhRz2dj6OX3opKHmm2xCb1VS/Y0Wz7cy0kN7vdt7VE6x97tjwDDkbImKZra6YYPiKqZl6/tEKcEotK2LqmA1RpsYeqKAoHsfcoTF7FTKpJ1c/FqBdWS20pzRqXQQwY1IEu2r8MhfMGBZQYdI00SgDBY5gGUnC0KBLem2HyGVWi2rM+FhYKbpbZfMmOtA8O8ITIqvPEdwXCqUYVbfSLIOuaPpD8nMnZWKUSxdXM5hFIoKcq2MiMLRXuCMJS2ai6BAI2V9zltdyMucQCAJAJgss8xaUpG+uCD9NBOCyTq+6ik2EJkal05tX3ZfASPDw65XCXIMF/vZJHxCHS2enpcPNiVtiRxqUNdH216Gwu5LTDY/f+4GTGJK5r9Q2Fq+mnaTH+1y1Ftt+zXdmTpkKO72vOvHSGA38lnhRZWKSm5Fq+uaTyt4t8xfvBS5liRfjcJ590v+UqreGuBBxe6pOXD0ZeowrBAYwxxrAWUaQDHRzTYSVSziOM1eoTzhTNdv+3Y6Ep8lKfVynQhGLNBU6RJDLCgEg4wquLZrNqsM9INIg99EYHURtMEtCz/wYlz+TG4TZGKjI2qctKjLq7VYtoHUwqARtdPljLVWbLV3Pp1Br7vYVXMCcqjxPpsm3AFbda76s+gYuLKXNYtJUkhBH9acN5Ijnv0kIjmkkaiCiasvpFlhE9modqbj6nZkRoFSzHt9TiZxrSfRDGB2a86C7a02Rv44goOvyway0FqpR5FhflEWlkQwK8KhkENLH5EFL33H0JrPy61PSr5JhYDLKZr+2/6Cg==,iv:xkxbb3tu6lnFT8IuQTn/fBh1ZdQBzjcnI1/USK8Jd8Q=,tag:Msg/0tuJd2KToMrdrBb6/A==,type:str] |
Member
There was a problem hiding this comment.
This is a public cert, so should be nonsensitive.
Member
There was a problem hiding this comment.
Just saw your response above. I can only assume that it was mistakenly marked as sensitive in the script. A sensitive public cert kind of defeats the purpose.
Contributor
Author
There was a problem hiding this comment.
Done in a followup pr.
| bfd_keystore_location = module.platform.ssm.worker.bfd_keystore_location.value | ||
| bfd_keystore_password_arn = module.platform.ssm.worker.bfd_keystore_password.arn | ||
| bfd_keystore_base64 = module.platform.ssm.worker.mtls_keystore_base64.arn | ||
| bfd_keystore_public_cert = module.platform.ssm.worker.mtls_keystore_public_cert.arn |
Member
There was a problem hiding this comment.
These locals should end with _arn as done for other local vars here.
Also, why are these in mtls_keystore params but labeled as bfd_keystore in locals? Is the bfd_keystore the same thing as the mtls_keystore?
Contributor
Author
There was a problem hiding this comment.
Yes, I'll change the names to match.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🎫 Ticket
https://jira.cms.gov/browse/PLT-1491
🛠 Changes
Adding sops ssm parameters for bfd mTLS keystore (base64 encoded) and public certificate. Added environment variables in main.tf and added them to the application.bfd.properties for use by the BFD client code.
ℹ️ Context
These changes are to automate a manual process that created a keystore file in the code repo.
🧪 Validation
see build and deploy checks below. Test failures are unrelated to this work.