
👷 Clean up secrets and connection strings

Open jackreimers opened this issue 2 years ago • 6 comments

Cc: @matt-goldman

Hi

Pain

Currently there are secrets being stored in appsettings.json and in configuration variables in Azure. This is making setup of development environments confusing and means secrets are stored in the incorrect place.

Suggested Solution

Remove the secrets from appsettings.json and have them stored in secrets.json instead. Any secrets in Azure config variables should be moved to Key Vault or Connection Strings. The GitHub action to deploy to Azure should deploy the secrets to KeyVault.

Tasks

  • [x] Move secrets from appsettings.json to secrets.json (ensure appsettings.json is committed to source control)
  • [ ] Add a Key Vault reference in app service configuration.
  • [ ] Move connection strings to connection strings in Azure.
  • [ ] Add secrets into Keeper so other developers can access them without needing to ask someone.
  • [ ] Update project setup documentation (README.md)

Acceptance Criteria

There should be no secrets stored outside of secrets.json in the project and they should be properly stored in Azure.

Thanks!

jackreimers avatar Aug 24 '23 00:08 jackreimers
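One way to check the acceptance criterion above in CI, as an added example that is not part of the issue or the project's code: it scans the text of an appsettings.json for literal secrets and credential-bearing connection strings. The key-name patterns, the sample file and the function names are assumptions, and the parser assumes the file contains no comments.

```python
import json
import re
import sys

# Heuristic patterns: assumptions for this example, not taken from the project.
SECRET_KEY = re.compile(r"secret|password|apikey|api_key|accountkey", re.I)
CONN_CRED = re.compile(r"(password|pwd|accountkey|sharedaccesskey)\s*=\s*[^;]+", re.I)
PLACEHOLDER = re.compile(r"^(|<.*>|changeme)$", re.I)  # empty or obvious stub

# Constructed sample; every name and value here is made up.
SAMPLE = """{
  "Logging": {"LogLevel": {"Default": "Information"}},
  "ConnectionStrings": {
    "DefaultConnection": "Server=db.example.invalid;Database=app;User Id=app;Password=constructed-value;"
  },
  "OpenAi": {"ApiKey": "constructed-not-a-real-key", "Model": "gpt-4"},
  "Auth": {"ClientSecret": ""}
}"""


def walk(node, path=""):
    """Yield (path, value) for each string leaf, using .NET's ':' key separator."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}:{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}:{index}")
    elif isinstance(node, str):
        yield path, node


def find_secrets(appsettings_text):
    """Return (config path, reason) pairs for values that look like live secrets."""
    findings = []
    for path, value in walk(json.loads(appsettings_text)):
        if PLACEHOLDER.match(value.strip()):
            continue  # empty or stub values are what a committed file should hold
        if CONN_CRED.search(value):
            findings.append((path, "connection string with embedded credential"))
        elif SECRET_KEY.search(path.rsplit(":", 1)[-1]):
            findings.append((path, "secret-like key with a literal value"))
    return findings


if __name__ == "__main__":
    texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:]] or [SAMPLE]
    results = [f for text in texts for f in find_secrets(text)]
    for path, reason in results:
        print(f"{path}: {reason}")  # prints the path only, never the value
    sys.exit(1 if results else 0)
```

Run with the appsettings files as arguments; a non-zero exit fails the build when a committed file still carries a secret.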

As per my discussion with @brydeno we are going to leave the GPT API key and database connection string as is because this would be better done as an infrastructure as code deployment and there is no secret data in the database or API key.

jackreimers avatar Aug 24 '23 04:08 jackreimers

Hi @jackreimers and @brydeno - I disagree about this:

> there is no secret data in the database or API key.

While this is true for now, we are locking the GPT4 API key behind an authentication wall. It may not necessarily protect secret data, but it has a cost implication that needs to be protected.

I do agree with this:

> this would be better done as an infrastructure as code deployment

Does that not mean that's what we should do, rather than leaving things as they are?

matt-goldman avatar Aug 24 '23 05:08 matt-goldman

As per my conversation with @calumjs we are going to prioritise getting Identity Server implemented and come back to this at a later date.

jackreimers avatar Aug 24 '23 23:08 jackreimers

FYI, see: https://github.com/orgs/SSWConsulting/discussions/24

matt-goldman avatar Sep 03 '23 09:09 matt-goldman

@jackreimers any update? This one's getting stale...

bradystroud avatar Oct 02 '23 06:10 bradystroud

@bradystroud this will be resolved by https://github.com/SSWConsulting/SSW.Rules.GPT/issues/32 which is currently blocked

jackreimers avatar Oct 02 '23 23:10 jackreimers