
Create Centralized GitHub Action for Managing Secrets

Open • sukeshreddyg opened this issue 9 months ago • 2 comments

User Story

As a Modernisation Platform Engineer, I want to create a centralized GitHub Action in the github-actions repository to manage secrets, so that any updates or changes can be made in one place and easily utilized across multiple repositories.

Value / Purpose

  • Reduce the redundancy of defining secrets management workflows in each repository.
  • Simplify the process of updating the secrets management logic by centralizing it, thus ensuring all repositories use the latest version.
  • Ensure that all repositories have a consistent and secure method of handling secrets.

Useful Contacts

No response

Additional Information

  • Existing reusable workflow in the MP repo fetches secrets, encrypts them, declares them as outputs, and an action decrypts these secrets.

Reusable Workflow: https://github.com/ministryofjustice/modernisation-platform/blob/main/.github/workflows/secrets-retrieval.yml

Action to decrypt the secrets: https://github.com/ministryofjustice/modernisation-platform/blob/main/.github/actions/decrypt-secrets/action.yml

Proposal / Unknowns

  • Develop a new GitHub Action in the github-actions repository to manage secrets.
  • Deprecate the existing reusable workflow and action in the MP repo.
  • Update all repositories currently using the MP repo workflow to use the new centralized GitHub Action.

Definition of Done

  • [ ] Documentation has been written / updated
  • [ ] The new GitHub Action is created in the github-actions repository and tested with the scheduled-baseline workflow
  • [ ] All workflows across all repositories are updated to use the new centralized action, ensuring that secrets are fetched from AWS Secrets Manager and managed in one place.
  • [ ] Validation that the new centralized action works as expected in all repositories, including successful fetching, encrypting, declaring, and decrypting of secrets.
  • [ ] Another team member has reviewed
  • [ ] Tests are green

sukeshreddyg • May 28 '24 08:05