#1711 - Remove unnecessary secret keys from task definitions (#1943)

#1711- remove unnecessary secrets from celery and notification containers
department-of-veterans-affairs · Aug 20, 2024 · 0d98ed8 · 0d98ed8
1 parent e8857ba
commit 0d98ed8
Show file tree

Hide file tree

Showing 9 changed files with 0 additions and 170 deletions.
diff --git a/app/config.py b/app/config.py
@@ -438,8 +438,6 @@ class Config(object):
     GITHUB_CLIENT_ID = os.getenv('GITHUB_CLIENT_ID', '')
     GITHUB_CLIENT_SECRET = os.getenv('GITHUB_CLIENT_SECRET', '')
 
-    VA_SSO_CLIENT_ID = os.getenv('VA_SSO_CLIENT_ID', '')
-    VA_SSO_CLIENT_SECRET = os.getenv('VA_SSO_CLIENT_SECRET', '')
     VA_SSO_SERVER_METADATA_URL = os.getenv('VA_SSO_SERVER_METADATA_URL', '')
     VA_SSO_AUTHORIZE_URL = os.getenv('VA_SSO_AUTHORIZE_URL', '')
     VA_SSO_ACCESS_TOKEN_URL = os.getenv('VA_SSO_ACCESS_TOKEN_URL', '')

diff --git a/cd/application-deployment/dev/vaec-api-task-definition.json b/cd/application-deployment/dev/vaec-api-task-definition.json
@@ -179,14 +179,6 @@
           "name": "VA_PROFILE_URL",
           "value": "https://int.vaprofile.va.gov"
         },
-        {
-          "name": "VANOTIFY_SSL_CERT_PATH",
-          "value": "/app/certs/vanotify_ssl_cert.pem"
-        },
-        {
-          "name": "VANOTIFY_SSL_KEY_PATH",
-          "value": "/app/certs/vanotify_ssl_key.pem"
-        },
         {
           "name": "VA_FLAGSHIP_APP_SID",
           "value": "A20623E2321D4053A6C34C9307C6C221"
@@ -233,18 +225,6 @@
         }
       ],
       "secrets": [
-        {
-          "name": "COMP_AND_PEN_SERVICE_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/comp-and-pen/service-id"
-        },
-        {
-          "name": "COMP_AND_PEN_TEMPLATE_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/comp-and-pen/template-id"
-        },
-        {
-          "name": "COMP_AND_PEN_SMS_SENDER_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/comp-and-pen/sms-sender-id"
-        },
         {
           "name": "ADMIN_CLIENT_USER_NAME",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/admin-client-user"
@@ -308,18 +288,6 @@
         {
           "name": "VETEXT_PASSWORD",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/vetext/password"
-        },
-        {
-          "name": "VA_SSO_CLIENT_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/iam-sso-client-id"
-        },
-        {
-          "name": "VA_SSO_CLIENT_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/iam-sso-client-secret"
-        },
-        {
-          "name": "VA_ONSITE_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/onsite/notification-priv"
         }
       ]
     },

diff --git a/cd/application-deployment/dev/vaec-celery-task-definition.json b/cd/application-deployment/dev/vaec-celery-task-definition.json
@@ -291,22 +291,6 @@
           "name": "VANOTIFY_SSL_KEY",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/cert/vanotify-va-key"
         },
-        {
-          "name": "VETEXT_USERNAME",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/vetext/user"
-        },
-        {
-          "name": "VETEXT_PASSWORD",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/vetext/password"
-        },
-        {
-          "name": "VA_SSO_CLIENT_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/iam-sso-client-id"
-        },
-        {
-          "name": "VA_SSO_CLIENT_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/iam-sso-client-secret"
-        },
         {
           "name": "VA_ONSITE_SECRET",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/dev/notification-api/onsite/notification-priv"

diff --git a/cd/application-deployment/perf/vaec-api-task-definition.json b/cd/application-deployment/perf/vaec-api-task-definition.json
@@ -103,14 +103,6 @@
           "name": "UI_HOST_NAME",
           "value": "https://perf.notifications.va.gov"
         },
-        {
-          "name": "VANOTIFY_SSL_CERT_PATH",
-          "value": "/app/certs/vanotify_ssl_cert.pem"
-        },
-        {
-          "name": "VANOTIFY_SSL_KEY_PATH",
-          "value": "/app/certs/vanotify_ssl_key.pem"
-        },
         {
           "name": "MPI_URL",
           "value": "https://sqa.services.eauth.va.gov:9303/sqa"
@@ -209,18 +201,6 @@
         }
       ],
       "secrets": [
-        {
-          "name": "COMP_AND_PEN_SERVICE_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/comp-and-pen/service-id"
-        },
-        {
-          "name": "COMP_AND_PEN_TEMPLATE_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/comp-and-pen/template-id"
-        },
-        {
-          "name": "COMP_AND_PEN_SMS_SENDER_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/comp-and-pen/sms-sender-id"
-        },
         {
           "name": "TWILIO_ACCOUNT_SID",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/twilio/account-sid"
@@ -276,18 +256,6 @@
         {
           "name": "VETEXT_PASSWORD",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/vetext/password"
-        },
-        {
-          "name": "VA_SSO_CLIENT_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/iam-sso-client-id"
-        },
-        {
-          "name": "VA_SSO_CLIENT_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/iam-sso-client-secret"
-        },
-        {
-          "name": "VA_ONSITE_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/onsite/notification-priv"
         }
       ]
     },

diff --git a/cd/application-deployment/perf/vaec-celery-task-definition.json b/cd/application-deployment/perf/vaec-celery-task-definition.json
@@ -255,14 +255,6 @@
           "name": "VA_ONSITE_SECRET",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/onsite/notification-priv"
         },
-        {
-          "name": "VETEXT_USERNAME",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/vetext/user"
-        },
-        {
-          "name": "VETEXT_PASSWORD",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/vetext/password"
-        },
         {
           "name": "VA_PROFILE_TOKEN",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/perf/notification-api/va-profile/auth-token"

diff --git a/cd/application-deployment/prod/vaec-api-task-definition.json b/cd/application-deployment/prod/vaec-api-task-definition.json
@@ -91,14 +91,6 @@
           "name": "VA_PROFILE_URL",
           "value": "https://www.vaprofile.va.gov"
         },
-        {
-          "name": "VANOTIFY_SSL_CERT_PATH",
-          "value": "/app/certs/vanotify_ssl_cert.pem"
-        },
-        {
-          "name": "VANOTIFY_SSL_KEY_PATH",
-          "value": "/app/certs/vanotify_ssl_key.pem"
-        },
         {
           "name": "MPI_URL",
           "value": "https://services.eauth.va.gov:9303/prod"
@@ -213,18 +205,6 @@
         }
       ],
       "secrets": [
-        {
-          "name": "COMP_AND_PEN_SERVICE_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/comp-and-pen/service-id"
-        },
-        {
-          "name": "COMP_AND_PEN_TEMPLATE_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/comp-and-pen/template-id"
-        },
-        {
-          "name": "COMP_AND_PEN_SMS_SENDER_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/comp-and-pen/sms-sender-id"
-        },
         {
           "name": "TWILIO_ACCOUNT_SID",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/twilio/account-sid"
@@ -288,18 +268,6 @@
         {
           "name": "VETEXT_PASSWORD",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/vetext/password"
-        },
-        {
-          "name": "VA_SSO_CLIENT_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/iam-sso-client-id"
-        },
-        {
-          "name": "VA_SSO_CLIENT_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/iam-sso-client-secret"
-        },
-        {
-          "name": "VA_ONSITE_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/onsite/notification-priv"
         }
       ]
     },

diff --git a/cd/application-deployment/prod/vaec-celery-task-definition.json b/cd/application-deployment/prod/vaec-celery-task-definition.json
@@ -263,14 +263,6 @@
           "name": "REDIS_URL",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/redis/url"
         },
-        {
-          "name": "VETEXT_USERNAME",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/vetext/user"
-        },
-        {
-          "name": "VETEXT_PASSWORD",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/vetext/password"
-        },
         {
           "name": "VA_ONSITE_SECRET",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/prod/notification-api/onsite/notification-priv"

diff --git a/cd/application-deployment/staging/vaec-api-task-definition.json b/cd/application-deployment/staging/vaec-api-task-definition.json
@@ -99,14 +99,6 @@
           "name": "VA_PROFILE_URL",
           "value": "https://qa.vaprofile.va.gov"
         },
-        {
-          "name": "VANOTIFY_SSL_CERT_PATH",
-          "value": "/app/certs/vanotify_ssl_cert.pem"
-        },
-        {
-          "name": "VANOTIFY_SSL_KEY_PATH",
-          "value": "/app/certs/vanotify_ssl_key.pem"
-        },
         {
           "name": "MPI_URL",
           "value": "https://sqa.services.eauth.va.gov:9303/sqa"
@@ -229,18 +221,6 @@
         }
       ],
       "secrets": [
-        {
-          "name": "COMP_AND_PEN_SERVICE_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/comp-and-pen/service-id"
-        },
-        {
-          "name": "COMP_AND_PEN_TEMPLATE_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/comp-and-pen/template-id"
-        },
-        {
-          "name": "COMP_AND_PEN_SMS_SENDER_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/comp-and-pen/sms-sender-id"
-        },
         {
           "name": "TWILIO_ACCOUNT_SID",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/twilio/account-sid"
@@ -304,18 +284,6 @@
         {
           "name": "VETEXT_PASSWORD",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/vetext/password"
-        },
-        {
-          "name": "VA_SSO_CLIENT_ID",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/iam-sso-client-id"
-        },
-        {
-          "name": "VA_SSO_CLIENT_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/iam-sso-client-secret"
-        },
-        {
-          "name": "VA_ONSITE_SECRET",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/onsite/notification-priv"
         }
       ]
     },

diff --git a/cd/application-deployment/staging/vaec-celery-task-definition.json b/cd/application-deployment/staging/vaec-celery-task-definition.json
@@ -279,14 +279,6 @@
           "name": "REDIS_URL",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/redis/url"
         },
-        {
-          "name": "VETEXT_USERNAME",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/vetext/user"
-        },
-        {
-          "name": "VETEXT_PASSWORD",
-          "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/vetext/password"
-        },
         {
           "name": "VA_ONSITE_SECRET",
           "valueFrom": "arn:aws-us-gov:ssm:us-gov-west-1:171875617347:parameter/staging/notification-api/onsite/notification-priv"