Pass ADMIN_CLIENT_SECRET through deploy process

.github/workflows/deploy.yml

@@ -35,8 +35,9 @@ jobs:
     - name: Deploy to cloud.gov
       uses: 18f/cg-deploy-action@main
       env:
-        DANGEROUS_SALT: ${{ secrets.DANGEROUS_SALT }}
+        DANGEROUS_SALT: ${{ secrets.PROD_DANGEROUS_SALT }}
-        SECRET_KEY: ${{ secrets.SECRET_KEY }}
+        SECRET_KEY: ${{ secrets.PROD_SECRET_KEY }}
+        ADMIN_CLIENT_SECRET: ${{ secrets.PROD_ADMIN_CLIENT_SECRET }}
         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       with:
@@ -44,11 +45,11 @@ jobs:
         cf_password: ${{ secrets.cloudgov_password }}
         cf_org: gsa-10x-prototyping
         cf_space: 10x-notifications
-        full_command: |
+        push_arguments: >-
-          cf push --strategy rolling \
+          --var DANGEROUS_SALT="$DANGEROUS_SALT"
-          --var DANGEROUS_SALT="$DANGEROUS_SALT" \
+          --var SECRET_KEY="$SECRET_KEY"
-          --var SECRET_KEY="$SECRET_KEY" \
+          --var ADMIN_CLIENT_SECRET="$ADMIN_CLIENT_SECRET"
-          --var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+          --var AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID"
           --var AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
 
   bail:

manifest.yml

@@ -27,9 +27,10 @@ applications:
       NOTIFICATION_QUEUE_PREFIX: prototype_10x
       STATSD_HOST: localhost
 
-      INTERNAL_CLIENT_API_KEYS: '{"notify-admin":["dev-notify-secret-key"]}'
+      INTERNAL_CLIENT_API_KEYS: '{"notify-admin":["((ADMIN_CLIENT_SECRET))"]}'
 
       # Credentials variables
+      ADMIN_CLIENT_SECRET: ((ADMIN_CLIENT_SECRET))
       DANGEROUS_SALT: ((DANGEROUS_SALT))
       SECRET_KEY: ((SECRET_KEY))
       AWS_REGION: us-west-2
@@ -37,5 +38,3 @@ applications:
       AWS_US_TOLL_FREE_NUMBER: +18446120782
 
       DVLA_EMAIL_ADDRESSES: []
-
-      NOTIFY_EMAIL_DOMAIN: dispostable.com