Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CT-578] Add aws secret for db password #97

Merged
merged 4 commits into from
Apr 5, 2024
Merged

[CT-578] Add aws secret for db password #97

merged 4 commits into from
Apr 5, 2024

Conversation

dydxwill
Copy link
Contributor

@dydxwill dydxwill commented Apr 4, 2024
edited
Loading

tested in dev

@dydxwill dydxwill changed the title Add aws secret for db password [CT-578] Add aws secret for db password Apr 4, 2024
@linear Linear
Copy link

linear bot commented Apr 4, 2024

CT-578 Use aws secret manager to write a secure dydx rds password

vincentwschau
vincentwschau reviewed Apr 4, 2024
View reviewed changes
indexer/locals.tf Outdated
@@ -19,7 +19,7 @@ locals {
}

service_secret_ids = {
for name in local.service_names : name => "${var.environment}-${name}-secrets"
for name in local.service_names : name => "${var.aws_db_secret_id}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was this change made so that a deployer could determine what secret to create in secrets manager before deploying?
There's other secrets that exist today, this could break deployments that had diff. secret ids right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, addressed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now, there's existing dev-vulcan-secrets/dev-ender-secrets/etc. We'll need to add db_password into these secrets manually. Env variables are encrypted & passed into lambdas.

@dydxwill dydxwill requested a review from vincentwschau April 5, 2024 17:42
@dydxwill dydxwill merged commit 038d137 into main Apr 5, 2024
1 of 2 checks passed
@dydxwill dydxwill deleted the wl/secret_mgr branch April 5, 2024 22:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vincentwschau vincentwschau vincentwschau approved these changes

@jiajames jiajames Awaiting requested review from jiajames

@Christopher-Li Christopher-Li Awaiting requested review from Christopher-Li

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dydxwill @vincentwschau