diff --git a/README.md b/README.md index 8cefb9f7..5db2bb5e 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ each print an encrypted token that is safe to commit and push to GitHub. ### GitLab API Token -The GitLab API token is maintaine under a machine user account and can be rotated via a +The GitLab API token is maintain under a machine user account and can be rotated via a POST request with the existing token. There are separate tokens for dev-portal and dev-portal-dev. The script works for both depending on which cluster is currently active. To rotate the dev-portal token, run @@ -104,6 +104,10 @@ New encrypted gitlab-token for developer-portal-dev-backend: ``` +If the token has already expired, you will need to request a new one from a GitLab +admin. With this you can use the following process for GitHub API tokens to manually +create the encrypted version for the sealed secret. + ### GitHub API Token The GitHub API token is slightly more complicated. Currently it is linked to a user @@ -111,11 +115,11 @@ account and needs to be manually rotated and copied in the user GitHub developer settings. The same token is used for both dev-portal and dev-portal-dev, but the SealedSecret needs to be encrypted by the specific cluster it will be applied to. Again the script will handle this if the correct cluster is active. To update the -dev-portal token, run +dev-portal token, copy it to your clipboard and run ```bash $ module load argus -$ util/encrypt-github-token.sh +$ util/encrypt-github-token.sh $(xclip -o -selection clipboard) New encrypted github-token for developer-portal-backend: ``` @@ -124,11 +128,12 @@ or for the dev-portal-dev token ```bash $ module load pollux -$ util/encrypt-github-token.sh +$ util/encrypt-github-token.sh $(xclip -o -selection clipboard) New encrypted github-token for developer-portal-backend: ``` -Note the whitespace before the command can prevent the unencrypted token being stored in -your shell history (requires `HIST_IGNORE_SPACE` for zsh or `HISTCONTROL=ignorespace` -for bash). +You can also pass the literal token into the command, but doing it this way means then +token can't be saved to your shell history. A space before the command can also prevent the +unencrypted token being in your shell history (requires `HIST_IGNORE_SPACE` for zsh or +`HISTCONTROL=ignorespace` for bash), but then you can't recall the command. diff --git a/charts/backend/Chart.yaml b/charts/backend/Chart.yaml index cc74d6f7..ff201049 100644 --- a/charts/backend/Chart.yaml +++ b/charts/backend/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: developer-portal-backend description: A Helm chart for deploying the Diamond developer portal backend type: application -version: 0.2.0 +version: 0.2.1 appVersion: 0.0.28 dependencies: - name: common diff --git a/charts/backend/values.yaml b/charts/backend/values.yaml index 73ac6811..03fd8324 100644 --- a/charts/backend/values.yaml +++ b/charts/backend/values.yaml @@ -43,7 +43,7 @@ serviceAccount: secrets: githubAppClientId: AgBGJChwcZVcnz5Zrs/BGVCu6PgGdga8Vg/w6Nv5ZUbN04/tkT+uz98as3TSJH9/A7cK3ebzmcrHATeNT/zzmaZjkz6qieCmHgKrTraHrGN7gOxd7zDyeD15iQY8tUdZx+iGKKyvpvuyHlRv6TfypgnOwf3Jif8wXZnNDpz7e+aJSORvlSxqftJFCaU9VaK0ahKeWWC+FxoON9AHLddQwp/rAele8xJLvWNudyFkv4p4lPSbmFOX19IagkMtw9YbZ6Aa16xrGrDJxgNhJHAluQ+ncPDPiH3BnSxzwwAnHSLgCE82pEnpF9cgpHVDyeImb9a1IiZIW6ftjgEpnkS7v7YhIq3Lovr/NMkOwSWGQP2dznn2ZF8tDREW3JZFJOrYKTnErqyP3zFZUVuJbpXANMcm6bD2hOTK0qXj1dHZXwXOnOKO0aRhEtNa05umSST55RkVOdRAC6D08VguOvSvSEDxHzas8GbMyBfdAt8Porqie2qJ5fzf0Y22rmrZW00gJes0XsdTe9N74nH0y3kZANn61LRlS2dMQ33lqU6KFG0dp754GDuA3FQ3ZgR8ZvbQPi+dArHjgmfqPtOHTQNxMG1vfrlFUyI+zNqmysO1PZBc4jXNZ7pOVlJX4n/d/kjF/pbRNdNgHgXA2e3WU217AOUhMOUbOfYn3NV0OVJ2mjrpWgecWgPMEF9kfBSy9kp9en9MZzUM/MeTgQyKCIC6ABNqCZEQew== githubAppSecret: AgAHXs6tAywlS5DpcPVx54GQlLzwSoioFt2meRBxfm4MBFIcJTQcgaZuSYTTctbqJP04jIY3KVfGAzNKF7YLC7+RULVbA1SHtFJt8R9Um1CHOT+Z1n1nkDVUEvy3MA0vKyhjDfHNG/2AAE/kW58PKcFSXyKFBxsWUDRHuRLg9kXZ3kOGfuF8VAY/5pQJt0EB+4bBLt8h5/vVXl66p5QBci6m1pMBqlFTAI+rnHDMCCM4NJQrZOFblQGBc1U5/nc+0sUO31/wltu3EvZ6oAc0S215G+6UkRclXxD8UNKrXV0+wXvQsaAQBsraXTA6RokKWEapSZStw47tQxihZPdnt5xdFmKMd0kbgqt+bWcTNku6kvHxLyggKKGuvJlRAvu4sxDntbeyffN5oUw9SKkaTVHnCtzYk/9ewaA9oaZYQ6DPSarF0cAkSayBvhNd8NxBXj+NOkY9Za/if3Pb7MMkudg9D5YS28Ib5GoXz21BXEoYOMdzgde9fwsTfan0YD2/JPHEe1FI+/QrLCdHCAfZhzKpm+9dnMxGktueVkpfiGitB0T0SYkN4lz9hA/G/5UadXlZ5hZmOSVXUMfGhmzyjcaQWgsUn9rTFqmDpF9RwI8JCUrvBF5vKM9JsWNnoV/CXKIwhNX08UF39GeUax7cEnJjxyuRkg2IFQH7emkv8XwTEPDz2/PsSjcUEwlkE0P4xpRoAPNuOCAw1WVB/86Ms6Cs+/nCa4E8lGNIRWQs4h5sBpzbLvfaUy+a - githubToken: AgAn7psY+sEixsmAZNabvTQI/UMDPj5xrKhrSM1vrH8DeY0yQmSNbyOrzp+QsCdNfeCYsiUGvprG8wjjL8vtyu9vMJUVbqAB00zUY6aBK2fRr+0t1W7cO4x3aLFucuYhaDzu8SWYg7xZipJ33tCF4uiY6c+MN6fGzQ2NjiGn8dBoBNgAVBExTPGMNdn64/yiTtREuhQCVmVMtSnv1fFFcRMNOOiZIXdG9cXL0+igUN8TSylzZoo0rNbUoeRuB0onTJLT7nQze5K/QQIiCNHZ7pWfzEmZ4HsFnibfZLnVifO90E7ohaF0t5nNUwhlqvz6odTF9ptIwuT5DpZEyX89yDzrqA+79RuIwQxWND9aNg3OhUZ0bAGlTqkzFusyWWXa2yAjIpMWWxigaRcQT9zyiVN5ANBb8RzBlEZDTmisG/wjOKd8SYJPs8/2SEF8TDoet0n2UvRmfCTqpdXunpg+w+SZubvRYayHG5EE6q9BsyMXuf4k4CUzkHJ8OlG1b3OSRWCxHD2JmZAIVp1dCzAXswYkN6Q0pN63kJU5pa/yHgJ03mE11hHX8Ey8UcRf5JM7EK/OWe6RQ6+9DAQWbEHkCPhJ1clBl1hxedwnHdvogCDx7YFX81CxP8lcFK922Y9hVNYUzbCFjSxwYm5PprpzK3RFnvdR2ivW/D5iVRMidbre+vTAl9AjSSmDnhDA4tb6NSHwfCNJzw7k6XSiGehteEJDQE6r+yiOKLJ1WB3jykGTtvKTeJ2vKDlZ - gitlabToken: AgChjuPsJxMP91E2wFdzdKht+sgdXgeSaAzh+nh/NqJVkktoZyob1RTaYHul2D29rUjMGn3Tj5Dwr0+wS87Ka+3cfwfXvrQPATpQDSO9LmOyVuUI8fCK7fZLWvixcPPmS8jcreqTHRedCh/6bOrymyVCuh+OEUawXmNpA9c8cduuBAat4VpsN1N6hoGqR/yiR+6PGj4rcfXosmbepunuiw04kzLY6/vH8vzoeO2RRdVf/ctfEscAbKl56EblQpyH9TTT6rVUdjSMoxI2juqeePaDrAAtoYxBf04UKfrxWMJsUW74mPtKdNdL8s1eQW9qGUNU7Nk1j4G+N3OULcwEd0ECp0w1Cc9u7iYaMC4SXdR7eCdTdAYJAUU4HgUdDNEYMS3ya1dzWvXxCAMkPegv5mEljod3+Qr1UmwrKz37aJrtTlz6XcyNXxCqeRbH/tuNzk8GwBLxMqT534zAHFgLljn5CclMQmy8KvJgoGo3jT8fBlRFGL0tDiiQZiK4MztQM2SxnGfkLrx938dSBjqB9RTWjOkqkl6Rn43PyRjOpWYZ6Lua7kYpCUvikTXNRoOcYyjF49XCF8NpszsyPDWbdqeBC1T92JRYIbWj4oEHj8nDWzLvtLBt2N9FA7i5xXSYUSTDREZizkpaEXk0m+iJmdbCBCrmznlDRmVrISz+DPpeMtF+AZ/bJztnUbSapFmys2f6rOqQ4LfMacyLH4WLFZbbnTPX49hJQ77OQw== + githubToken: AgDPo+JJ+7q4u3AYEJaJaWqocyrShSAwdSbQg3aM2FKnOvZeDRS1mmbaoaUQdM9NmBFhsjflNWvENAS1ZGkN6WHuwWK0XMKbU4CzdbDPt8ijxBamBiflXVGheM1NoDfynpe5b2cU2TAWr2qFyPRGgbj0tH8KNoytzhYeeXDJUryQs7oTOxXA4+4u99Hp6n5uF1NVtB3WThejQ2uKKRmrw/ZszS2ciY6z0VgFmg1SPFbrSEnQtZyLEO2DpMC8FhI6strSIBuEUfB/ElKdnAaCjW0W4fnbJZGvJUnpUCITvzjTueyOd1FoMA1CfSLXDWm9hK525CHoedzPIotWtxdYDYw9ck5oV/Sk24nRRr0MyTmaPc0qfv1mFabo0BDp83MFDA1llUEA64sguaqGcXfmMTkeBGwal31fGTGXPatWl/yy/kIMYU+QLRVWzDg5RA6ZEeFRgD97MiYWwxek7vEbe4+IwyLCitylGGC6dB8gx/9DAX99yDuOySYu5YyEArZMJHmsy7X2pIAPKE/EU2Vd94THkguVtgvF/7Am9woMRoF6BKr14WFsNRkQiJstPZ0w09bUsMkgQQ3JiSzSa0PgMs20MWxm1IYeHg+ZaYGDe0IrXRE8j7LWvv7qJkW7h681Y2LNLqOIzGx+PgcwY41IuTz08KJaAItJBdvF2Uk/C1v5gOjqxBmlgpF9Vc9ur8qJPIVkGbp7SiHj21VXoXaCFNZqOnRQJ/cOB4/LMAILdkToDU02Hp4PFmZ5 + gitlabToken: AgBLhuc5GonGmPSdbnkS4nvEs958x13lqquIK7hhlWqfnC7FLbpyvUiUhojuLc/DoG8Di5yMUR3F3ILN41iHqVrhkmZ7d9dwNtwWCuyeRQxVsPBIRAcgGHZGXTlsJaNYfZ4f5tl5Jw/0AFPmykew6SzylvP5H7b8syrn7iOYsfZoWKtuJ3C4THEiuudl/gJR0TzvVubWJalt1uLC7qwvnqayQaYaSCyn+q4EQ1ktiptFE+pWlDxWkQj74Trp66yeTWD9rxlzsjZxVywcvawbajsWU/sdVHumPIC8HkWUO7/2eIOxr2YtX9tfd2Dv0bnbFSUTPmM5TyNlz7teBy8Spb25IqJOCbOzhmgKj5FvvD/SzTiLL9MMzIrJhipWAq5svwlpR4hXa2a+XO32nvzjsER5tNb8gvMGb6fXoqStdquodKuucUCj83oNanEh1bVGTP7XK833kVzObYSRS+zNrJ2I8EGipQDR8E1B3Xe/pNqjFnbb7zQeBfL6if8jSUMq+0DUdza7nriZ67kngmoZl9Bu05CEpOzb/b8n/ZBt4wXikM4LDB+HnAwIvFYlTJWayUp3+xpVjeK6wZcJE+ s3AccessKeyId: AgCkGhsZpj7RCX3/mDHpa38PyU1OfWKjdClYhFt5YaolEzvSazv5btvW+nL1vJ7ZxDdx6CPbaU8Ihg070EZ5ROfm6X1Ic0VY0QkRZg0gW2OfEMi/BPZwesCh3RWkwLTb4oO1ZiRFWWLbupf2Iv5CVEbGEhyLJGRBOvF2DVOsp5ZvJC+iyJ6U0vyIHxtlVqhI7yHVHfFtBgisqMdEbtJRDY10KHx+8iqrYpP1oNJONrF4gSM7uXpLFkDD+27neycs+2wSNIHqmDa4XCbHuUFkztElp2/CiazBK+0URAK5F8KuUktyz91/BnYtEjD/+3LwhETdZAk0vQZtSrMGyhG8ZiD0+yiuylztWxk8vYNEVfB+zeDJf+Wa6BnKtDDAmKjwWUSGqxGjrys3RDur3gjQpqhPetdE5U2kkKIsu06ijYEhPgKIjPAJVDJRVrZTJg8xHgh1XXVirBRYhUgLLIxr+y/AsCTiekvsG8NwiE80VgpmlsFZBz62Vx3esmsYQsJo2SQqMk1gsgwXt4DZw8rvJzWmMNw0Xa/9Wl/CZQHCIdrmkn8P/A6hwo2yDS8AmIUp77/KEBrqDLmz2bBcOrKlcEbw2bKusn1fScmoOEKvgE/Ew7JfPp74YxoOfLdpqjh74F3Pav+AEIBolRbDOc/t7eTbppiwESaBfLytUMV3C77C0FTvfd50t1I8YZQPTnBPw2tGP7I6iJn/udr7vmrX4tkM8LCz5Q== s3AccessKeySecret: AgAVE6KEEy1Vh97M/rHz9LRCzJ4do9GFRtQYO7o3tD6jpOQAbLHRHptBESSSJDBRWZia2wBjGL+rIwg/UW/EHDklHwq98wlF45ARCc38fGCJtYUlBWkE9bR1ERvA5eICmv5AduH7RxBPdhDTTwxASYH52xn0gq7tBlRg9a+Z7a7axKbfPd1ILCRWZKIm86aKoOiEryIc/9p8wP/il/JS8SmcOThyVarIEeaIVORKobdbFSXsuYmANNCN/say5rZQ7CB6+YoBk6jyWE9BRLMd33BTP3vY/bxywLdas6mgzCpEkjKtd1AQgtPiu68i8CJzS+XBN/QqWtcYzf7B7R5yvYmk4WL0X010EdkB1vxCu3tzMmk6Y6wzQ6IU1573ZnjL+8dro3keqBcZSM/qxGyfu/VrUiUkoKFu9gzKeUI+EmCFuJh0sx06PJiR8+kxaIOVHPy+XH6Xzw3NkztTDkhfbqj4mWbbuCgySmkLTJU4SjYI2gpqfqAUuHgosnYhl8mNiOYQ0e8yMTJNALgo1g+uTzjey5Aui93MpADmPkVOpZe/I9Wwn88v6hdpZrwbQrcU/JI7lo5YHDx7DRONT6boYAhRsgwKOZNlm//OhcXBjvs5CtVzlWEXHwj3jsJnQCYdu86a1hEGAMnDRY117f87kAEIY03CZuuUoAj2xsz2M5syl+54rIJ2Ps4kpJEB+VFBJ42ynYVAZddeXJYh6VZX+Ba8uHkX/05KkkCa79XizRyoh3cuEcBa9K/t