
Refactor Nuke and Redeploy After Nuke for OIDC

Open • julialawrence opened this issue 2 years ago • 0 comments

User Story

As a platform developer, I would like to refactor our nuke code to make it compatible with OIDC, retire the use of hard-coded credentials, and make the process of adding accounts to the nuke list more automated.

User Type(s)

Value

  • Using OIDC instead of static credentials improves the security posture of the platform
  • Nuking sandbox environments saves money by destroying unused infrastructure and drives good practices such as less use of "advanced devops" in favour of IaC.

Questions / Assumptions / Hypothesis

We currently maintain the nuke list in an AWS secret in MP which is manually updated when a new sandbox account is created. Due to how OIDC works, accessing a secret is difficult.

Refactor the code to use GitHub secrets for account information.

Definition of done

  • [ ] readme has been updated
  • [ ] user docs have been updated
  • [ ] another team member has reviewed
  • [ ] tests are green
  • [ ] UR test OR added to continual research plan

Reference

How to write good user stories

julialawrence, Oct 13 '22 10:10