ol-infrastructure

unified ecommerce - finish configuration population

Open Ardiea opened this issue 1 year ago • 4 comments

Description/Context

Almost everything encrypted in src/bridge/secrets/unified_ecommerce/ is a dummy / placeholder secret. Figure out what the real values are and populate them for all environments.

Plan/Design

Ardiea avatar Jan 16 '25 16:01 Ardiea

This one feels important, at least important that we fix it before unified ecommerce goes to production :)

@blarghmatey I just verified that this is still true, there are only dummy values in the unified ecommerce secrets.

Just pinging you for visibility.

feoh avatar Mar 24 '25 17:03 feoh

@jkachel your input here would be helpful as well.

blarghmatey avatar Mar 24 '25 17:03 blarghmatey

For what it's worth I have checked in both SOPS and Vault in both CI and QA and there are only dummy values there.

So, if the code is running as desired, it's either doing so sans secrets or the secrets are being passed in some way other than what we're used to for deploying applications into production.

feoh avatar Mar 24 '25 20:03 feoh

@feoh pinged me about this yesterday and I wasn't entirely sure about this because the env is up and running. After some thought I actually don't think this is set up right, but I can't test it right now.

However, some of these things can be pulled from other envs (or Heroku):

  • Keycloak (KEYCLOAK_) - removed these, ignore for now
  • CyberSource (MITOL_PAYMENT_GATEWAY_CYBERSOURCE_) - all of these can come from the MITx Online deployment in Heroku
  • MITOL_UE_BCC_EMAIL - blank is fine for this, I'm not sure what we'd want it to be set to in CI/QA
  • POSTHOG_API_TOKEN - can be pulled from the relevant project in PostHog
  • SECRET_KEY - random string
  • STATUS_TOKEN - random string

We should have a couple more settings for PostHog - there's a project API key (the public one) that's not in here or in the Pulumi config. This doesn't need to be a secure setting. Probably some other things too. I will have a separate PR up today (3/25) to add those in since I've already started mucking with it.

edited to note: I was poking at the QA environment via shell and at least the CyberSource stuff is wrong, so we won't be able to check out.

jkachel avatar Mar 25 '25 16:03 jkachel
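
The per-setting rules listed in the comment above can be turned into a check that runs over already-decrypted settings before a deploy. This is an added example, not code from the thread or from ol-infrastructure; the placeholder markers, the minimum length, the `_EXAMPLE` key suffixes and the sample values are assumptions constructed for illustration.

```python
import secrets

# Policy taken from the comment above. The marker list is an assumption:
# the issue does not show what the dummy values actually look like.
PLACEHOLDER_MARKERS = ("dummy", "placeholder", "changeme")  # assumed
IGNORED_PREFIXES = ("KEYCLOAK_",)             # "removed these, ignore for now"
BLANK_ALLOWED = {"MITOL_UE_BCC_EMAIL"}        # "blank is fine for this"
RANDOM_KEYS = {"SECRET_KEY", "STATUS_TOKEN"}  # "random string"
MIN_RANDOM_LEN = 32                           # assumed minimum length


def looks_placeholder(value: str) -> bool:
    """True when the value contains one of the assumed dummy markers."""
    lowered = value.strip().lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def audit_secrets(values: dict[str, str]) -> dict[str, str]:
    """Return {key: reason} for every setting that still needs a real value."""
    findings = {}
    for key, value in values.items():
        if key.startswith(IGNORED_PREFIXES):
            continue
        if not value.strip():
            if key not in BLANK_ALLOWED:
                findings[key] = "blank"
        elif looks_placeholder(value):
            findings[key] = "placeholder"
        elif key in RANDOM_KEYS and len(value) < MIN_RANDOM_LEN:
            findings[key] = "too short for a random secret"
    return findings


def new_random_secret(nbytes: int = 48) -> str:
    """Generate a URL-safe random string from the OS CSPRNG."""
    return secrets.token_urlsafe(nbytes)


# Constructed sample of decrypted settings (hypothetical keys, not real values).
SAMPLE = {
    "KEYCLOAK_EXAMPLE": "dummy",
    "MITOL_PAYMENT_GATEWAY_CYBERSOURCE_EXAMPLE": "placeholder-value",
    "MITOL_UE_BCC_EMAIL": "",
    "POSTHOG_API_TOKEN": "",
    "SECRET_KEY": "short",
    "STATUS_TOKEN": new_random_secret(),
}
```

`audit_secrets` only reports key names and reasons, so its output can go into CI logs without exposing any secret value.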