From e1dec3f9b84bb49d9306cb85f0c7af399499e930 Mon Sep 17 00:00:00 2001 From: Ben Thorner Date: Thu, 5 Aug 2021 17:24:56 +0100 Subject: [PATCH] Switch to per-app secrets from internal APIs Relates to: [1] [1]: https://github.com/alphagov/notifications-credentials/pull/231 --- app/config.py | 9 +++------ manifest.yml.j2 | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/app/config.py b/app/config.py index a3977c99f..3834a73bf 100644 --- a/app/config.py +++ b/app/config.py @@ -84,16 +84,13 @@ class Config(object): # URL of api app (on AWS this is the internal api endpoint) API_HOST_NAME = os.getenv('API_HOST_NAME') - # LEGACY: replacing with INTERNAL_CLIENT_API_KEYS - API_INTERNAL_SECRETS = json.loads(os.environ.get('API_INTERNAL_SECRETS', '[]')) - # secrets that internal apps, such as the admin app or document download, must use to authenticate with the API ADMIN_CLIENT_ID = 'notify-admin' GOVUK_ALERTS_CLIENT_ID = 'govuk-alerts' - INTERNAL_CLIENT_API_KEYS = { - ADMIN_CLIENT_ID: API_INTERNAL_SECRETS - } + INTERNAL_CLIENT_API_KEYS = json.loads( + os.environ.get('INTERNAL_CLIENT_API_KEYS', '{}') + ) # encyption secret/salt SECRET_KEY = os.getenv('SECRET_KEY') diff --git a/manifest.yml.j2 b/manifest.yml.j2 index acd6ca6cd..b8b3a2910 100644 --- a/manifest.yml.j2 +++ b/manifest.yml.j2 @@ -113,7 +113,7 @@ applications: # Credentials variables ADMIN_BASE_URL: '{{ ADMIN_BASE_URL }}' - API_INTERNAL_SECRETS: '{{ API_INTERNAL_SECRETS | tojson }}' + INTERNAL_CLIENT_API_KEYS: '{{ INTERNAL_CLIENT_API_KEYS | tojson }}' API_HOST_NAME: '{{ API_HOST_NAME }}' DANGEROUS_SALT: '{{ DANGEROUS_SALT }}' SECRET_KEY: '{{ SECRET_KEY }}'