From dab27e12977aaeb6c9d1422eaf92e8d5f7c7fd62 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 08:42:46 -0800 Subject: [PATCH 01/12] Update pay-api-cd.yml --- .github/workflows/pay-api-cd.yml | 133 +++++-------------------------- 1 file changed, 22 insertions(+), 111 deletions(-) diff --git a/.github/workflows/pay-api-cd.yml b/.github/workflows/pay-api-cd.yml index 6a03a370c..c36cd2cf2 100644 --- a/.github/workflows/pay-api-cd.yml +++ b/.github/workflows/pay-api-cd.yml @@ -1,4 +1,4 @@ -name: Pay API CD +name: PAY-API OCP on: push: @@ -8,116 +8,27 @@ on: - "pay-api/**" workflow_dispatch: inputs: - environment: - description: "Environment (dev/test/prod)" + target: + description: "Deploy To" required: true - default: "dev" - -defaults: - run: - shell: bash - working-directory: ./pay-api - -env: - APP_NAME: "pay-api" - TAG_NAME: "dev" + type: choice + options: + - dev + - test + - prod jobs: - pay-api-cd-by-push: - runs-on: ubuntu-24.04 - - if: github.event_name == 'push' && github.repository == 'bcgov/sbc-pay' - environment: - name: "dev" - - steps: - - uses: actions/checkout@v4 - - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - - name: Login Openshift - shell: bash - run: | - oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}} - - - name: CD Flow - shell: bash - env: - OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }} - OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }} - OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }} - OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }} - OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }} - TAG_NAME: ${{ env.TAG_NAME }} - run: | - make cd - - - name: Watch new rollout (trigger by image change in Openshift) - shell: bash - run: | - oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w - - - name: Rocket.Chat Notification - uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master - if: failure() - with: - type: ${{ job.status }} - job_name: "*Pay API Built and Deployed to ${{env.TAG_NAME}}*" - channel: "#registries-bot" - url: ${{ secrets.ROCKETCHAT_WEBHOOK }} - commit: true - token: ${{ secrets.GITHUB_TOKEN }} - - pay-api-cd-by-dispatch: - runs-on: ubuntu-24.04 - - if: github.event_name == 'workflow_dispatch' && github.repository == 'bcgov/sbc-pay' - environment: - name: "${{ github.event.inputs.environment }}" - - steps: - - uses: actions/checkout@v4 - - name: Set env by input - run: | - echo "TAG_NAME=${{ github.event.inputs.environment }}" >> $GITHUB_ENV - - - name: Install CLI tools from OpenShift Mirror - uses: redhat-actions/openshift-tools-installer@v1 - with: - oc: "4" - - - name: Login Openshift - shell: bash - run: | - oc login --server=${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} --token=${{secrets.OPENSHIFT4_SA_TOKEN}} - - - name: CD Flow - shell: bash - env: - OPS_REPOSITORY: ${{ secrets.OPS_REPOSITORY }} - OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }} - OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }} - OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }} - OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }} - TAG_NAME: ${{ env.TAG_NAME }} - run: | - make cd - - - name: Watch new rollout (trigger by image change in Openshift) - shell: bash - run: | - oc rollout status dc/${{ env.APP_NAME }}-${{ env.TAG_NAME }} -n ${{ secrets.OPENSHIFT4_REPOSITORY }}-${{ env.TAG_NAME }} -w - - - name: Rocket.Chat Notification - uses: RocketChat/Rocket.Chat.GitHub.Action.Notification@master - if: failure() - with: - type: ${{ job.status }} - job_name: "*Pay API Built and Deployed to ${{env.TAG_NAME}}*" - channel: "#registries-bot" - url: ${{ secrets.ROCKETCHAT_WEBHOOK }} - commit: true - token: ${{ secrets.GITHUB_TOKEN }} + pay-api-cd: + uses: bcgov/bcregistry-sre/.github/workflows/backend-cd-ocp.yaml@main + with: + target: ${{ inputs.target }} + app_name: "pay-api" + working_directory: "./pay-api" + secrets: + OP_CONNECT_URL: ${{ secrets.OP_CONNECT_URL }} + OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} + OPENSHIFT_DOCKER_REGISTRY: ${{ secrets.OPENSHIFT4_DOCKER_REGISTRY }} + OPENSHIFT_LOGIN_REGISTRY: ${{secrets.OPENSHIFT4_LOGIN_REGISTRY}} + OPENSHIFT_SA_NAME: ${{ secrets.OPENSHIFT4_SA_NAME }} + OPENSHIFT_SA_TOKEN: ${{ secrets.OPENSHIFT4_SA_TOKEN }} + OPENSHIFT_REPOSITORY: ${{ secrets.OPENSHIFT4_REPOSITORY }} From 1e14155c51378c802438bc43fa3569c262cb37f8 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 08:47:43 -0800 Subject: [PATCH 02/12] add vaults ocp --- pay-api/devops/vaults.ocp.env | 65 +++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 pay-api/devops/vaults.ocp.env diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env new file mode 100644 index 000000000..b81dd76a3 --- /dev/null +++ b/pay-api/devops/vaults.ocp.env @@ -0,0 +1,65 @@ +PAY_LD_SDK_KEY="op://launchdarkly/$APP_ENV/pay/PAY_LD_SDK_KEY" +DATABASE_NAME="op://database/$APP_ENV/pay-db-gcp/DATABASE_NAME" +DATABASE_PASSWORD="op://database/$APP_ENV/pay-db-gcp/DATABASE_PASSWORD" +DATABASE_PORT="op://database/$APP_ENV/pay-db-gcp/DATABASE_PORT" +DATABASE_UNIX_SOCKET="op://database/$APP_ENV/pay-db-gcp/DATABASE_UNIX_SOCKET" +DATABASE_USERNAME="op://database/$APP_ENV/pay-db-gcp/DATABASE_USERNAME" +JWT_OIDC_AUDIENCE="op://keycloak/$APP_ENV/account-services-account/ACCOUNT_SERVICES_SERVICE_ACCOUNT_CLIENT_ID" +JWT_OIDC_JWKS_CACHE_TIMEOUT="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_JWKS_CACHE_TIMEOUT" +JWT_OIDC_WELL_KNOWN_CONFIG="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_WELL_KNOWN_CONFIG" +JWT_OIDC_ISSUER="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ISSUER" +JWT_OIDC_CACHING_ENABLED="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_CACHING_ENABLED" +JWT_OIDC_ALGORITHMS="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ALGORITHMS" +SBC_AUTH_ADMIN_CLIENT_ID="op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_ID" +SBC_AUTH_ADMIN_CLIENT_SECRET="op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_SECRET" +CFS_BASE_URL="op://payment-external-services/$APP_ENV/cfs/CFS_BASE_URL" +CFS_CLIENT_ID="op://payment-external-services/$APP_ENV/cfs/CFS_CLIENT_ID" +CFS_CLIENT_SECRET="op://payment-external-services/$APP_ENV/cfs/CFS_CLIENT_SECRET" +PAYBC_PORTAL_URL="op://payment-external-services/$APP_ENV/cfs/PAYBC_PORTAL_URL" +CONNECT_TIMEOUT="op://payment-external-services/$APP_ENV/cfs/CONNECT_TIMEOUT" +CFS_GENERATE_RANDOM_INVOICE_NUMBER="op://payment-external-services/$APP_ENV/cfs/CFS_GENERATE_RANDOM_INVOICE_NUMBER" +CFS_ACCOUNT_DESCRIPTION="op://payment-external-services/$APP_ENV/cfs/CFS_ACCOUNT_DESCRIPTION" +CFS_INVOICE_PREFIX="op://payment-external-services/$APP_ENV/cfs/CFS_INVOICE_PREFIX" +CFS_RECEIPT_PREFIX="op://payment-external-services/$APP_ENV/cfs/CFS_RECEIPT_PREFIX" +CFS_PARTY_PREFIX="op://payment-external-services/$APP_ENV/cfs/CFS_PARTY_PREFIX" +EFT_INVOICE_PREFIX="op://payment-external-services/$APP_ENV/eft/EFT_INVOICE_PREFIX" +PAYBC_DIRECT_PAY_REF_NUMBER="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_REF_NUMBER" +PAYBC_DIRECT_PAY_API_KEY="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_API_KEY" +PAYBC_DIRECT_PAY_PORTAL_URL="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_PORTAL_URL" +PAYBC_DIRECT_PAY_BASE_URL="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_BASE_URL" +PAYBC_DIRECT_PAY_CLIENT_ID="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CLIENT_ID" +PAYBC_DIRECT_PAY_CLIENT_SECRET="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CLIENT_SECRET" +PAYBC_DIRECT_PAY_CC_REFUND_BASE_URL="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CC_REFUND_BASE_URL" +AUDIENCE="op://gcp-queue/$APP_ENV/base/AUDIENCE" +AUTHPAY_GCP_AUTH_KEY="op://gcp-queue/$APP_ENV/gtksf3/AUTHPAY_GCP_AUTH_KEY" +PUBLISHER_AUDIENCE="op://gcp-queue/$APP_ENV/base/PUBLISHER_AUDIENCE" +ACCOUNT_MAILER_TOPIC="op://gcp-queue/$APP_ENV/topics/ACCOUNT_MAILER_TOPIC" +AUTH_EVENT_TOPIC="op://gcp-queue/$APP_ENV/topics/AUTH_EVENT_TOPIC" +NAMEX_PAY_TOPIC="op://gcp-queue/$APP_ENV/topics/NAMEX_PAY_TOPIC" +BUSINESS_PAY_TOPIC="op://gcp-queue/$APP_ENV/topics/BUSINESS_PAY_TOPIC" +AUTH_API_URL="op://API/$APP_ENV/auth-api/AUTH_API_URL" +AUTH_API_VERSION="op://API/$APP_ENV/auth-api/AUTH_API_VERSION" +BCOL_API_URL="op://API/$APP_ENV/bcol-api/BCOL_API_URL" +BCOL_API_VERSION="op://API/$APP_ENV/bcol-api/BCOL_API_VERSION" +REPORT_API_URL="op://API/$APP_ENV/report-api/REPORT_API_URL" +REPORT_API_VERSION="op://API/$APP_ENV/report-api/REPORT_API_VERSION" +SENTRY_ENABLE="op://sentry/$APP_ENV/relationship-api/SENTRY_ENABLE" +SENTRY_DSN="op://sentry/$APP_ENV/relationship-api/SENTRY_DSN" +DISABLE_VALID_REDIRECT_URLS="op://relationship/$APP_ENV/pay-api/DISABLE_VALID_REDIRECT_URLS" +VALID_REDIRECT_URLS="op://relationship/$APP_ENV/pay-api/VALID_REDIRECT_URLS" +TRANSACTION_REPORT_DEFAULT_TOTAL="op://relationship/$APP_ENV/pay-api/TRANSACTION_REPORT_DEFAULT_TOTAL" +ROUTING_SLIP_DEFAULT_TOTAL="op://relationship/$APP_ENV/pay-api/ROUTING_SLIP_DEFAULT_TOTAL" +PAD_CONFIRMATION_PERIOD_IN_DAYS="op://relationship/$APP_ENV/pay-api/PAD_CONFIRMATION_PERIOD_IN_DAYS" +LEGISLATIVE_TIMEZONE="op://relationship/$APP_ENV/pay-api/LEGISLATIVE_TIMEZONE" +BCOL_USERNAME_FOR_SERVICE_ACCOUNT_PAYMENTS="op://relationship/$APP_ENV/pay-api/BCOL_USERNAME_FOR_SERVICE_ACCOUNT_PAYMENTS" +MASK_LEN="op://relationship/$APP_ENV/pay-api/MASK_LEN" +ACCOUNT_SECRET_KEY="op://relationship/$APP_ENV/pay-api/ACCOUNT_SECRET_KEY" +OUTSTANDING_TRANSACTION_DAYS="op://relationship/$APP_ENV/pay-api/OUTSTANDING_TRANSACTION_DAYS" +ALLOW_LEGACY_ROUTING_SLIPS="op://relationship/$APP_ENV/pay-api/ALLOW_LEGACY_ROUTING_SLIPS" +AUTH_WEB_URL="op://web-url/$APP_ENV/auth-web/AUTH_WEB_URL" +PAY_WEB_URL="op://web-url/$APP_ENV/fas-ui/PAY_WEB_URL" +PAY_CONNECTOR_AUTH="op://relationship/$APP_ENV/pay-api/PAY_CONNECTOR_AUTH" +ALLOW_SKIP_PAYMENT="op://relationship/$APP_ENV/pay-api/ALLOW_SKIP_PAYMENT" +ENABLE_403_LOGGING="op://relationship/$APP_ENV/pay-api/ENABLE_403_LOGGING" +NOTIFY_API_URL="op://API/$APP_ENV/notify-api/NOTIFY_API_URL" +NOTIFY_API_VERSION="op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION" From 3509cb40606b3472cac0c985d0f9ae11ab404333 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 08:56:18 -0800 Subject: [PATCH 03/12] remove quotes --- pay-api/devops/vaults.ocp.env | 130 +++++++++++++++++----------------- 1 file changed, 65 insertions(+), 65 deletions(-) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index b81dd76a3..3714f4957 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -1,65 +1,65 @@ -PAY_LD_SDK_KEY="op://launchdarkly/$APP_ENV/pay/PAY_LD_SDK_KEY" -DATABASE_NAME="op://database/$APP_ENV/pay-db-gcp/DATABASE_NAME" -DATABASE_PASSWORD="op://database/$APP_ENV/pay-db-gcp/DATABASE_PASSWORD" -DATABASE_PORT="op://database/$APP_ENV/pay-db-gcp/DATABASE_PORT" -DATABASE_UNIX_SOCKET="op://database/$APP_ENV/pay-db-gcp/DATABASE_UNIX_SOCKET" -DATABASE_USERNAME="op://database/$APP_ENV/pay-db-gcp/DATABASE_USERNAME" -JWT_OIDC_AUDIENCE="op://keycloak/$APP_ENV/account-services-account/ACCOUNT_SERVICES_SERVICE_ACCOUNT_CLIENT_ID" -JWT_OIDC_JWKS_CACHE_TIMEOUT="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_JWKS_CACHE_TIMEOUT" -JWT_OIDC_WELL_KNOWN_CONFIG="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_WELL_KNOWN_CONFIG" -JWT_OIDC_ISSUER="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ISSUER" -JWT_OIDC_CACHING_ENABLED="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_CACHING_ENABLED" -JWT_OIDC_ALGORITHMS="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ALGORITHMS" -SBC_AUTH_ADMIN_CLIENT_ID="op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_ID" -SBC_AUTH_ADMIN_CLIENT_SECRET="op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_SECRET" -CFS_BASE_URL="op://payment-external-services/$APP_ENV/cfs/CFS_BASE_URL" -CFS_CLIENT_ID="op://payment-external-services/$APP_ENV/cfs/CFS_CLIENT_ID" -CFS_CLIENT_SECRET="op://payment-external-services/$APP_ENV/cfs/CFS_CLIENT_SECRET" -PAYBC_PORTAL_URL="op://payment-external-services/$APP_ENV/cfs/PAYBC_PORTAL_URL" -CONNECT_TIMEOUT="op://payment-external-services/$APP_ENV/cfs/CONNECT_TIMEOUT" -CFS_GENERATE_RANDOM_INVOICE_NUMBER="op://payment-external-services/$APP_ENV/cfs/CFS_GENERATE_RANDOM_INVOICE_NUMBER" -CFS_ACCOUNT_DESCRIPTION="op://payment-external-services/$APP_ENV/cfs/CFS_ACCOUNT_DESCRIPTION" -CFS_INVOICE_PREFIX="op://payment-external-services/$APP_ENV/cfs/CFS_INVOICE_PREFIX" -CFS_RECEIPT_PREFIX="op://payment-external-services/$APP_ENV/cfs/CFS_RECEIPT_PREFIX" -CFS_PARTY_PREFIX="op://payment-external-services/$APP_ENV/cfs/CFS_PARTY_PREFIX" -EFT_INVOICE_PREFIX="op://payment-external-services/$APP_ENV/eft/EFT_INVOICE_PREFIX" -PAYBC_DIRECT_PAY_REF_NUMBER="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_REF_NUMBER" -PAYBC_DIRECT_PAY_API_KEY="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_API_KEY" -PAYBC_DIRECT_PAY_PORTAL_URL="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_PORTAL_URL" -PAYBC_DIRECT_PAY_BASE_URL="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_BASE_URL" -PAYBC_DIRECT_PAY_CLIENT_ID="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CLIENT_ID" -PAYBC_DIRECT_PAY_CLIENT_SECRET="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CLIENT_SECRET" -PAYBC_DIRECT_PAY_CC_REFUND_BASE_URL="op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CC_REFUND_BASE_URL" -AUDIENCE="op://gcp-queue/$APP_ENV/base/AUDIENCE" -AUTHPAY_GCP_AUTH_KEY="op://gcp-queue/$APP_ENV/gtksf3/AUTHPAY_GCP_AUTH_KEY" -PUBLISHER_AUDIENCE="op://gcp-queue/$APP_ENV/base/PUBLISHER_AUDIENCE" -ACCOUNT_MAILER_TOPIC="op://gcp-queue/$APP_ENV/topics/ACCOUNT_MAILER_TOPIC" -AUTH_EVENT_TOPIC="op://gcp-queue/$APP_ENV/topics/AUTH_EVENT_TOPIC" -NAMEX_PAY_TOPIC="op://gcp-queue/$APP_ENV/topics/NAMEX_PAY_TOPIC" -BUSINESS_PAY_TOPIC="op://gcp-queue/$APP_ENV/topics/BUSINESS_PAY_TOPIC" -AUTH_API_URL="op://API/$APP_ENV/auth-api/AUTH_API_URL" -AUTH_API_VERSION="op://API/$APP_ENV/auth-api/AUTH_API_VERSION" -BCOL_API_URL="op://API/$APP_ENV/bcol-api/BCOL_API_URL" -BCOL_API_VERSION="op://API/$APP_ENV/bcol-api/BCOL_API_VERSION" -REPORT_API_URL="op://API/$APP_ENV/report-api/REPORT_API_URL" -REPORT_API_VERSION="op://API/$APP_ENV/report-api/REPORT_API_VERSION" -SENTRY_ENABLE="op://sentry/$APP_ENV/relationship-api/SENTRY_ENABLE" -SENTRY_DSN="op://sentry/$APP_ENV/relationship-api/SENTRY_DSN" -DISABLE_VALID_REDIRECT_URLS="op://relationship/$APP_ENV/pay-api/DISABLE_VALID_REDIRECT_URLS" -VALID_REDIRECT_URLS="op://relationship/$APP_ENV/pay-api/VALID_REDIRECT_URLS" -TRANSACTION_REPORT_DEFAULT_TOTAL="op://relationship/$APP_ENV/pay-api/TRANSACTION_REPORT_DEFAULT_TOTAL" -ROUTING_SLIP_DEFAULT_TOTAL="op://relationship/$APP_ENV/pay-api/ROUTING_SLIP_DEFAULT_TOTAL" -PAD_CONFIRMATION_PERIOD_IN_DAYS="op://relationship/$APP_ENV/pay-api/PAD_CONFIRMATION_PERIOD_IN_DAYS" -LEGISLATIVE_TIMEZONE="op://relationship/$APP_ENV/pay-api/LEGISLATIVE_TIMEZONE" -BCOL_USERNAME_FOR_SERVICE_ACCOUNT_PAYMENTS="op://relationship/$APP_ENV/pay-api/BCOL_USERNAME_FOR_SERVICE_ACCOUNT_PAYMENTS" -MASK_LEN="op://relationship/$APP_ENV/pay-api/MASK_LEN" -ACCOUNT_SECRET_KEY="op://relationship/$APP_ENV/pay-api/ACCOUNT_SECRET_KEY" -OUTSTANDING_TRANSACTION_DAYS="op://relationship/$APP_ENV/pay-api/OUTSTANDING_TRANSACTION_DAYS" -ALLOW_LEGACY_ROUTING_SLIPS="op://relationship/$APP_ENV/pay-api/ALLOW_LEGACY_ROUTING_SLIPS" -AUTH_WEB_URL="op://web-url/$APP_ENV/auth-web/AUTH_WEB_URL" -PAY_WEB_URL="op://web-url/$APP_ENV/fas-ui/PAY_WEB_URL" -PAY_CONNECTOR_AUTH="op://relationship/$APP_ENV/pay-api/PAY_CONNECTOR_AUTH" -ALLOW_SKIP_PAYMENT="op://relationship/$APP_ENV/pay-api/ALLOW_SKIP_PAYMENT" -ENABLE_403_LOGGING="op://relationship/$APP_ENV/pay-api/ENABLE_403_LOGGING" -NOTIFY_API_URL="op://API/$APP_ENV/notify-api/NOTIFY_API_URL" -NOTIFY_API_VERSION="op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION" +PAY_LD_SDK_KEY=op://launchdarkly/$APP_ENV/pay/PAY_LD_SDK_KEY +DATABASE_NAME=op://database/$APP_ENV/pay-db-gcp/DATABASE_NAME +DATABASE_PASSWORD=op://database/$APP_ENV/pay-db-gcp/DATABASE_PASSWORD +DATABASE_PORT=op://database/$APP_ENV/pay-db-gcp/DATABASE_PORT +DATABASE_UNIX_SOCKET=op://database/$APP_ENV/pay-db-gcp/DATABASE_UNIX_SOCKET +DATABASE_USERNAME=op://database/$APP_ENV/pay-db-gcp/DATABASE_USERNAME +JWT_OIDC_AUDIENCE=op://keycloak/$APP_ENV/account-services-account/ACCOUNT_SERVICES_SERVICE_ACCOUNT_CLIENT_ID +JWT_OIDC_JWKS_CACHE_TIMEOUT=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_JWKS_CACHE_TIMEOUT +JWT_OIDC_WELL_KNOWN_CONFIG=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_WELL_KNOWN_CONFIG +JWT_OIDC_ISSUER=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ISSUER +JWT_OIDC_CACHING_ENABLED=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_CACHING_ENABLED +JWT_OIDC_ALGORITHMS=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ALGORITHMS +SBC_AUTH_ADMIN_CLIENT_ID=op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_ID +SBC_AUTH_ADMIN_CLIENT_SECRET=op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_SECRET +CFS_BASE_URL=op://payment-external-services/$APP_ENV/cfs/CFS_BASE_URL +CFS_CLIENT_ID=op://payment-external-services/$APP_ENV/cfs/CFS_CLIENT_ID +CFS_CLIENT_SECRET=op://payment-external-services/$APP_ENV/cfs/CFS_CLIENT_SECRET +PAYBC_PORTAL_URL=op://payment-external-services/$APP_ENV/cfs/PAYBC_PORTAL_URL +CONNECT_TIMEOUT=op://payment-external-services/$APP_ENV/cfs/CONNECT_TIMEOUT +CFS_GENERATE_RANDOM_INVOICE_NUMBER=op://payment-external-services/$APP_ENV/cfs/CFS_GENERATE_RANDOM_INVOICE_NUMBER +CFS_ACCOUNT_DESCRIPTION=op://payment-external-services/$APP_ENV/cfs/CFS_ACCOUNT_DESCRIPTION +CFS_INVOICE_PREFIX=op://payment-external-services/$APP_ENV/cfs/CFS_INVOICE_PREFIX +CFS_RECEIPT_PREFIX=op://payment-external-services/$APP_ENV/cfs/CFS_RECEIPT_PREFIX +CFS_PARTY_PREFIX=op://payment-external-services/$APP_ENV/cfs/CFS_PARTY_PREFIX +EFT_INVOICE_PREFIX=op://payment-external-services/$APP_ENV/eft/EFT_INVOICE_PREFIX +PAYBC_DIRECT_PAY_REF_NUMBER=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_REF_NUMBER +PAYBC_DIRECT_PAY_API_KEY=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_API_KEY +PAYBC_DIRECT_PAY_PORTAL_URL=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_PORTAL_URL +PAYBC_DIRECT_PAY_BASE_URL=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_BASE_URL +PAYBC_DIRECT_PAY_CLIENT_ID=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CLIENT_ID +PAYBC_DIRECT_PAY_CLIENT_SECRET=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CLIENT_SECRET +PAYBC_DIRECT_PAY_CC_REFUND_BASE_URL=op://payment-external-services/$APP_ENV/paybc/PAYBC_DIRECT_PAY_CC_REFUND_BASE_URL +AUDIENCE=op://gcp-queue/$APP_ENV/base/AUDIENCE +AUTHPAY_GCP_AUTH_KEY=op://gcp-queue/$APP_ENV/gtksf3/AUTHPAY_GCP_AUTH_KEY +PUBLISHER_AUDIENCE=op://gcp-queue/$APP_ENV/base/PUBLISHER_AUDIENCE +ACCOUNT_MAILER_TOPIC=op://gcp-queue/$APP_ENV/topics/ACCOUNT_MAILER_TOPIC +AUTH_EVENT_TOPIC=op://gcp-queue/$APP_ENV/topics/AUTH_EVENT_TOPIC +NAMEX_PAY_TOPIC=op://gcp-queue/$APP_ENV/topics/NAMEX_PAY_TOPIC +BUSINESS_PAY_TOPIC=op://gcp-queue/$APP_ENV/topics/BUSINESS_PAY_TOPIC +AUTH_API_URL=op://API/$APP_ENV/auth-api/AUTH_API_URL +AUTH_API_VERSION=op://API/$APP_ENV/auth-api/AUTH_API_VERSION +BCOL_API_URL=op://API/$APP_ENV/bcol-api/BCOL_API_URL +BCOL_API_VERSION=op://API/$APP_ENV/bcol-api/BCOL_API_VERSION +REPORT_API_URL=op://API/$APP_ENV/report-api/REPORT_API_URL +REPORT_API_VERSION=op://API/$APP_ENV/report-api/REPORT_API_VERSION +SENTRY_ENABLE=op://sentry/$APP_ENV/relationship-api/SENTRY_ENABLE +SENTRY_DSN=op://sentry/$APP_ENV/relationship-api/SENTRY_DSN +DISABLE_VALID_REDIRECT_URLS=op://relationship/$APP_ENV/pay-api/DISABLE_VALID_REDIRECT_URLS +VALID_REDIRECT_URLS=op://relationship/$APP_ENV/pay-api/VALID_REDIRECT_URLS +TRANSACTION_REPORT_DEFAULT_TOTAL=op://relationship/$APP_ENV/pay-api/TRANSACTION_REPORT_DEFAULT_TOTAL +ROUTING_SLIP_DEFAULT_TOTAL=op://relationship/$APP_ENV/pay-api/ROUTING_SLIP_DEFAULT_TOTAL +PAD_CONFIRMATION_PERIOD_IN_DAYS=op://relationship/$APP_ENV/pay-api/PAD_CONFIRMATION_PERIOD_IN_DAYS +LEGISLATIVE_TIMEZONE=op://relationship/$APP_ENV/pay-api/LEGISLATIVE_TIMEZONE +BCOL_USERNAME_FOR_SERVICE_ACCOUNT_PAYMENTS=op://relationship/$APP_ENV/pay-api/BCOL_USERNAME_FOR_SERVICE_ACCOUNT_PAYMENTS +MASK_LEN=op://relationship/$APP_ENV/pay-api/MASK_LEN +ACCOUNT_SECRET_KEY=op://relationship/$APP_ENV/pay-api/ACCOUNT_SECRET_KEY +OUTSTANDING_TRANSACTION_DAYS=op://relationship/$APP_ENV/pay-api/OUTSTANDING_TRANSACTION_DAYS +ALLOW_LEGACY_ROUTING_SLIPS=op://relationship/$APP_ENV/pay-api/ALLOW_LEGACY_ROUTING_SLIPS +AUTH_WEB_URL=op://web-url/$APP_ENV/auth-web/AUTH_WEB_URL +PAY_WEB_URL=op://web-url/$APP_ENV/fas-ui/PAY_WEB_URL +PAY_CONNECTOR_AUTH=op://relationship/$APP_ENV/pay-api/PAY_CONNECTOR_AUTH +ALLOW_SKIP_PAYMENT=op://relationship/$APP_ENV/pay-api/ALLOW_SKIP_PAYMENT +ENABLE_403_LOGGING=op://relationship/$APP_ENV/pay-api/ENABLE_403_LOGGING +NOTIFY_API_URL=op://API/$APP_ENV/notify-api/NOTIFY_API_URL +NOTIFY_API_VERSION=op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION From e233a9e26f5f406df9bd982ac9d68d4854e3b918 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 09:02:17 -0800 Subject: [PATCH 04/12] two misisng secrets --- pay-api/devops/vaults.ocp.env | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index 3714f4957..a1e407f5d 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -36,6 +36,7 @@ PUBLISHER_AUDIENCE=op://gcp-queue/$APP_ENV/base/PUBLISHER_AUDIENCE ACCOUNT_MAILER_TOPIC=op://gcp-queue/$APP_ENV/topics/ACCOUNT_MAILER_TOPIC AUTH_EVENT_TOPIC=op://gcp-queue/$APP_ENV/topics/AUTH_EVENT_TOPIC NAMEX_PAY_TOPIC=op://gcp-queue/$APP_ENV/topics/NAMEX_PAY_TOPIC +NAMEX_NR_STATE_TOPIC=op://gcp-queue/$APP_ENV/topics/NAMEX_NR_STATE_TOPIC BUSINESS_PAY_TOPIC=op://gcp-queue/$APP_ENV/topics/BUSINESS_PAY_TOPIC AUTH_API_URL=op://API/$APP_ENV/auth-api/AUTH_API_URL AUTH_API_VERSION=op://API/$APP_ENV/auth-api/AUTH_API_VERSION @@ -63,3 +64,4 @@ ALLOW_SKIP_PAYMENT=op://relationship/$APP_ENV/pay-api/ALLOW_SKIP_PAYMENT ENABLE_403_LOGGING=op://relationship/$APP_ENV/pay-api/ENABLE_403_LOGGING NOTIFY_API_URL=op://API/$APP_ENV/notify-api/NOTIFY_API_URL NOTIFY_API_VERSION=op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION +ACCESS_TOKEN_LIFESPAN=op://keycloak/$APP_ENV/jwt-base/ACCESS_TOKEN_LIFESPAN From c0782f5ae093e4d536b3699611734ada884207aa Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 09:08:47 -0800 Subject: [PATCH 05/12] fix database secrets --- pay-api/devops/vaults.ocp.env | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index a1e407f5d..d9c4a08a7 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -1,9 +1,12 @@ PAY_LD_SDK_KEY=op://launchdarkly/$APP_ENV/pay/PAY_LD_SDK_KEY -DATABASE_NAME=op://database/$APP_ENV/pay-db-gcp/DATABASE_NAME -DATABASE_PASSWORD=op://database/$APP_ENV/pay-db-gcp/DATABASE_PASSWORD -DATABASE_PORT=op://database/$APP_ENV/pay-db-gcp/DATABASE_PORT -DATABASE_UNIX_SOCKET=op://database/$APP_ENV/pay-db-gcp/DATABASE_UNIX_SOCKET -DATABASE_USERNAME=op://database/$APP_ENV/pay-db-gcp/DATABASE_USERNAME + + +DATABASE_NAME=op://database/$APP_ENV/pay-db/PAY_DATABASE_NAME +DATABASE_PASSWORD=op://database/$APP_ENV/pay-db/PAY_DATABASE_PASSWORD +DATABASE_PORT=op://database/$APP_ENV/pay-db/PAY_DATABASE_PORT +DATABASE_USERNAME=op://database/$APP_ENV/pay-db/PAY_DATABASE_USERNAME +DATABASE_HOST=op://database/$APP_ENV/pay-db/PAY_DATABASE_HOST + JWT_OIDC_AUDIENCE=op://keycloak/$APP_ENV/account-services-account/ACCOUNT_SERVICES_SERVICE_ACCOUNT_CLIENT_ID JWT_OIDC_JWKS_CACHE_TIMEOUT=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_JWKS_CACHE_TIMEOUT JWT_OIDC_WELL_KNOWN_CONFIG=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_WELL_KNOWN_CONFIG From d9ecc82300ce21f169002875febec3b9cd8686df Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 09:15:27 -0800 Subject: [PATCH 06/12] more secrets --- pay-api/devops/vaults.ocp.env | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index d9c4a08a7..d02915f07 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -68,3 +68,5 @@ ENABLE_403_LOGGING=op://relationship/$APP_ENV/pay-api/ENABLE_403_LOGGING NOTIFY_API_URL=op://API/$APP_ENV/notify-api/NOTIFY_API_URL NOTIFY_API_VERSION=op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION ACCESS_TOKEN_LIFESPAN=op://keycloak/$APP_ENV/jwt-base/ACCESS_TOKEN_LIFESPAN +PAY_LD_CLIENT_ID=op://launchdarkly/$APP_ENV/pay/PAY_LD_CLIENT_ID +PAY_LD_SDK_KEY=op://launchdarkly/$APP_ENV/pay/PAY_LD_SDK_KEY From 54f5e58b7163c32d5d2aa939d993a53a766a1e02 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 09:25:35 -0800 Subject: [PATCH 07/12] Another missing secret --- pay-api/devops/vaults.ocp.env | 1 + 1 file changed, 1 insertion(+) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index d02915f07..31ce70d5d 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -41,6 +41,7 @@ AUTH_EVENT_TOPIC=op://gcp-queue/$APP_ENV/topics/AUTH_EVENT_TOPIC NAMEX_PAY_TOPIC=op://gcp-queue/$APP_ENV/topics/NAMEX_PAY_TOPIC NAMEX_NR_STATE_TOPIC=op://gcp-queue/$APP_ENV/topics/NAMEX_NR_STATE_TOPIC BUSINESS_PAY_TOPIC=op://gcp-queue/$APP_ENV/topics/BUSINESS_PAY_TOPIC +BUSINESS_EMAILER_TOPIC=op://gcp-queue/$APP_ENV/topics/BUSINESS_EMAILER_TOPIC AUTH_API_URL=op://API/$APP_ENV/auth-api/AUTH_API_URL AUTH_API_VERSION=op://API/$APP_ENV/auth-api/AUTH_API_VERSION BCOL_API_URL=op://API/$APP_ENV/bcol-api/BCOL_API_URL From b5712908b98f116ed4a671dcd487ade3b4f5a199 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 09:29:10 -0800 Subject: [PATCH 08/12] fix dup secret --- pay-api/devops/vaults.ocp.env | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index 31ce70d5d..43a41d460 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -1,5 +1,5 @@ PAY_LD_SDK_KEY=op://launchdarkly/$APP_ENV/pay/PAY_LD_SDK_KEY - +PAY_LD_CLIENT_ID=op://launchdarkly/$APP_ENV/pay/PAY_LD_CLIENT_ID DATABASE_NAME=op://database/$APP_ENV/pay-db/PAY_DATABASE_NAME DATABASE_PASSWORD=op://database/$APP_ENV/pay-db/PAY_DATABASE_PASSWORD @@ -69,5 +69,4 @@ ENABLE_403_LOGGING=op://relationship/$APP_ENV/pay-api/ENABLE_403_LOGGING NOTIFY_API_URL=op://API/$APP_ENV/notify-api/NOTIFY_API_URL NOTIFY_API_VERSION=op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION ACCESS_TOKEN_LIFESPAN=op://keycloak/$APP_ENV/jwt-base/ACCESS_TOKEN_LIFESPAN -PAY_LD_CLIENT_ID=op://launchdarkly/$APP_ENV/pay/PAY_LD_CLIENT_ID -PAY_LD_SDK_KEY=op://launchdarkly/$APP_ENV/pay/PAY_LD_SDK_KEY + From 23fb7519b1a7a07585ba76a182df5af1f1bd82c7 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 09:37:55 -0800 Subject: [PATCH 09/12] missing topic --- pay-api/devops/vaults.ocp.env | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index 43a41d460..c4b7435d6 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -13,6 +13,8 @@ JWT_OIDC_WELL_KNOWN_CONFIG=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_WELL_KNOWN_C JWT_OIDC_ISSUER=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ISSUER JWT_OIDC_CACHING_ENABLED=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_CACHING_ENABLED JWT_OIDC_ALGORITHMS=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ALGORITHMS +JWT_OIDC_CLIENT_SECRET =op://keycloak/$APP_ENV/pay-api/PAY_API_CLIENT_SECRET + SBC_AUTH_ADMIN_CLIENT_ID=op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_ID SBC_AUTH_ADMIN_CLIENT_SECRET=op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_SECRET CFS_BASE_URL=op://payment-external-services/$APP_ENV/cfs/CFS_BASE_URL @@ -69,4 +71,5 @@ ENABLE_403_LOGGING=op://relationship/$APP_ENV/pay-api/ENABLE_403_LOGGING NOTIFY_API_URL=op://API/$APP_ENV/notify-api/NOTIFY_API_URL NOTIFY_API_VERSION=op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION ACCESS_TOKEN_LIFESPAN=op://keycloak/$APP_ENV/jwt-base/ACCESS_TOKEN_LIFESPAN +FTP_POLLER_TOPIC=op://gcp-queue/$APP_ENV/topics/FTP_POLLER_TOPIC From ab23644ced047fbbcccbcd30bd177bc645e32245 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 09:41:36 -0800 Subject: [PATCH 10/12] remove client secret --- pay-api/devops/vaults.ocp.env | 1 - 1 file changed, 1 deletion(-) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index c4b7435d6..eb9f6e01b 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -13,7 +13,6 @@ JWT_OIDC_WELL_KNOWN_CONFIG=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_WELL_KNOWN_C JWT_OIDC_ISSUER=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ISSUER JWT_OIDC_CACHING_ENABLED=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_CACHING_ENABLED JWT_OIDC_ALGORITHMS=op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ALGORITHMS -JWT_OIDC_CLIENT_SECRET =op://keycloak/$APP_ENV/pay-api/PAY_API_CLIENT_SECRET SBC_AUTH_ADMIN_CLIENT_ID=op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_ID SBC_AUTH_ADMIN_CLIENT_SECRET=op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_SECRET From f5b65526ff69139aa1b11c1cbd2b3726be6c2419 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 09:49:50 -0800 Subject: [PATCH 11/12] remove unused secrets --- jobs/payment-jobs/config.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/jobs/payment-jobs/config.py b/jobs/payment-jobs/config.py index 0387a417e..7416f1455 100644 --- a/jobs/payment-jobs/config.py +++ b/jobs/payment-jobs/config.py @@ -131,9 +131,6 @@ class _Config(object): # pylint: disable=too-few-public-methods CFS_STOP_PAD_ACCOUNT_CREATION = os.getenv("CFS_STOP_PAD_ACCOUNT_CREATION", "false").lower() == "true" CFS_PARTY_PREFIX = os.getenv("CFS_PARTY_PREFIX", "BCR-") - CFS_INVOICE_CUT_OFF_HOURS_UTC = int(os.getenv("CFS_INVOICE_CUT_OFF_HOURS_UTC", "2")) - CFS_INVOICE_CUT_OFF_MINUTES_UTC = int(os.getenv("CFS_INVOICE_CUT_OFF_MINUTES_UTC", "0")) - SENTRY_ENABLE = os.getenv("SENTRY_ENABLE", "False") SENTRY_DSN = os.getenv("SENTRY_DSN", None) From a36e9f2f641aaba00e2b9039c3eef0f28cee43b6 Mon Sep 17 00:00:00 2001 From: Travis Semple Date: Thu, 6 Mar 2025 10:00:21 -0800 Subject: [PATCH 12/12] adding more secrets --- pay-api/devops/vaults.ocp.env | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pay-api/devops/vaults.ocp.env b/pay-api/devops/vaults.ocp.env index eb9f6e01b..2ded9e0cd 100644 --- a/pay-api/devops/vaults.ocp.env +++ b/pay-api/devops/vaults.ocp.env @@ -71,4 +71,5 @@ NOTIFY_API_URL=op://API/$APP_ENV/notify-api/NOTIFY_API_URL NOTIFY_API_VERSION=op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION ACCESS_TOKEN_LIFESPAN=op://keycloak/$APP_ENV/jwt-base/ACCESS_TOKEN_LIFESPAN FTP_POLLER_TOPIC=op://gcp-queue/$APP_ENV/topics/FTP_POLLER_TOPIC - +CFS_FAS_CLIENT_ID=op://payment-external-services/$APP_ENV/cfs/CFS_FAS_CLIENT_ID +CFS_FAS_CLIENT_SECRET=op://payment-external-services/$APP_ENV/cfs/CFS_FAS_CLIENT_SECRET