Merge pull request #3304 from alphagov/switch-to-per-app-api-keys-179039225

Switch to per-app secrets from internal APIs

app/config.py

@@ -84,16 +84,13 @@ class Config(object):
     # URL of api app (on AWS this is the internal api endpoint)
     API_HOST_NAME = os.getenv('API_HOST_NAME')
 
-    # LEGACY: replacing with INTERNAL_CLIENT_API_KEYS
-    API_INTERNAL_SECRETS = json.loads(os.environ.get('API_INTERNAL_SECRETS', '[]'))
-
     # secrets that internal apps, such as the admin app or document download, must use to authenticate with the API
     ADMIN_CLIENT_ID = 'notify-admin'
     GOVUK_ALERTS_CLIENT_ID = 'govuk-alerts'
 
-    INTERNAL_CLIENT_API_KEYS = {
+    INTERNAL_CLIENT_API_KEYS = json.loads(
-        ADMIN_CLIENT_ID: API_INTERNAL_SECRETS
+        os.environ.get('INTERNAL_CLIENT_API_KEYS', '{}')
-    }
+    )
 
     # encyption secret/salt
     SECRET_KEY = os.getenv('SECRET_KEY')

manifest.yml.j2

@@ -113,7 +113,7 @@ applications:
 
       # Credentials variables
       ADMIN_BASE_URL: '{{ ADMIN_BASE_URL }}'
-      API_INTERNAL_SECRETS: '{{ API_INTERNAL_SECRETS | tojson }}'
+      INTERNAL_CLIENT_API_KEYS: '{{ INTERNAL_CLIENT_API_KEYS | tojson }}'
       API_HOST_NAME: '{{ API_HOST_NAME }}'
       DANGEROUS_SALT: '{{ DANGEROUS_SALT }}'
       SECRET_KEY: '{{ SECRET_KEY }}'