Refresh secrets for VRMS backend

[Tyson-miller]

As part of work done on this issue, there were some secrets mistakenly exposed in the PR that we should now refresh.

The list of secrets is:

• gmail_client_id
• gmail_refresh_token
• gmail_secret_id
• mailhog_password
• slack_bot_token
• slack_client_id
• slack_client_secret
• slack_oauth_token
• slack_signing_secret
  Which are set as container_env_vars in the ecs container for the vrms-backend.

The current secret values are stored in 1password and you can reach out to @Tyson-miller or in the ops channel to get them.

[JackHaeg]

@spiteless These secrets are contained in the VRMS vault within 1password.

[trillium]

Hey all, hopped on the DevOps COP call today and Bonnie requested I put some details on the secrets struggles here

Looking to refresh the tokens

gmail_client_id
gmail_refresh_token
gmail_secret_id
mailhog_password
slack_bot_token
slack_client_id
slack_client_secret
slack_oauth_token
slack_signing_secret

---

I have access to VRMS secrets, which stores these 4 env variables:

Screenshot of hackforlaVRMS/settings

I don't currently have access to my 1password account, resolving that with support.

---

Here's the template that our client/backend .env files use:

Backend Secrets template

CUSTOM_REQUEST_HEADER=
SLACK_OAUTH_TOKEN=
SLACK_BOT_TOKEN=
SLACK_TEAM_ID=
SLACK_CHANNEL_ID=
SLACK_CLIENT_ID=
SLACK_CLIENT_SECRET=
SLACK_SIGNING_SECRET=
BACKEND_PORT=
REACT_APP_PROXY=
GMAIL_CLIENT_ID=
GMAIL_SECRET_ID=
GMAIL_REFRESH_TOKEN=
GMAIL_EMAIL=
MAILHOG_PORT=
MAILHOG_USER=
MAILHOG_PASSWORD=
JWT_SECRET=
SECRET=
NODE_ENV=

Front End

CLIENT_PORT=
CLIENT_URL=
BACKEND_HOST=
BACKEND_PORT=
REACT_APP_PROXY=
REACT_APP_CUSTOM_REQUEST_HEADER=
VITE_CLIENT_PORT=
VITE_CLIENT_URL=
VITE_BACKEND_HOST=
VITE_BACKEND_PORT=
VITE_REACT_APP_PROXY=
VITE_REACT_APP_CUSTOM_REQUEST_HEADER=

---

Questions and Clarifications

• Are these secrets for stored in 1password?
• Are the secrets pulled from 1password during our build?
• Do the secrets need to be changed anywhere else as well?

After all this is finished, we're looking to write a guide so that if the secrets are exposed again in the future we can solve it faster.

[JackHaeg]

@spiteless Just to follow up on the "Questions and Clarifications" section in your comment, as I mentioned in my previous comment, the secrets are contained within the VRMS vault within 1password.

[JackHaeg]

@jbubar & @spiteless put in a request to be able to view AWS deployment.