Rotate the secrets

Regenerate the secrets in Amazon Web Services Secrets Manager

Amazon Web Services (AWS) Secrets Manager stores the secrets. When you rotate secrets, consider these requirements:
  • For most secrets, you don't need to take additional steps.
  • For Keycloak client secrets, you must rotate the secrets using the Keycloak admin console and in the Terraform configuration.

Rotate the mini-usf Keycloak client secret

Because the default mini-usf client secret isn't randomly generated, you must rotate it. To regenerate the secret, complete these steps:
  1. In the Keycloak admin console, switch to the unity realm.
  2. Go to Manage > Clients, and then select the mini-usf client.
  3. On the Credentials tab, select Regenerate next to the client secret.
  4. Copy the secret to the clipboard.
  5. Save the secret:
    1. Use the copied secret to redefine the keycloak_mini_usf_clientsecret variable in aws/terraform/tfvars/{region}.tfvars.
    2. From the aws/terraform directory, run this command:
      make apply-us-east-1
  6. To restart the mini-usf pods in Kubernetes and apply the new secret, run this command:
    kubectl rollout restart deployment -n asset-solutions mini-usf
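
Steps 5 and 6 as a script, added here as an example and not part of the product's own tooling. It reads the regenerated secret from stdin so the value stays out of shell history and process arguments, and it waits for the restart to finish. The function names and the single-line form keycloak_mini_usf_clientsecret = "<value>" in the tfvars file are assumptions.

```bash
#!/usr/bin/env bash
# Added example: function names are hypothetical. Assumes the tfvars file
# defines the variable on one line: keycloak_mini_usf_clientsecret = "<value>"
VAR_NAME="keycloak_mini_usf_clientsecret"

# Step 5.1: replace the variable's value in the given tfvars file.
# The secret is read from stdin, never passed as a command-line argument.
set_client_secret() {
  local tfvars="$1" secret tmp
  IFS= read -r secret || [ -n "$secret" ] || return 1
  [ -n "$secret" ] || { echo "empty secret" >&2; return 1; }
  # Refuse characters that would break the quoted string in the tfvars file.
  case "$secret" in
    *'"'*|*'\'*) echo "unsupported character in secret" >&2; return 1 ;;
  esac
  grep -Eq "^[[:space:]]*${VAR_NAME}[[:space:]]*=" "$tfvars" || {
    echo "${VAR_NAME} is not defined in ${tfvars}" >&2; return 1; }
  # mktemp creates the file with mode 0600; mv then swaps it in atomically.
  tmp="$(mktemp "${tfvars}.XXXXXX")" || return 1
  # awk receives the secret through the environment, not the command line.
  NEW_SECRET="$secret" awk -v name="$VAR_NAME" '
    $0 ~ "^[ \t]*" name "[ \t]*=" {
      print name " = \"" ENVIRON["NEW_SECRET"] "\""; next }
    { print }' "$tfvars" > "$tmp" || { rm -f "$tmp"; return 1; }
  mv "$tmp" "$tfvars"
}

# Steps 5.2 and 6: apply the Terraform change, restart the pods, then block
# until the new pods are ready so a failed rollout is noticed immediately.
apply_and_restart() {
  ( cd aws/terraform && make apply-us-east-1 ) || return 1
  kubectl rollout restart deployment -n asset-solutions mini-usf || return 1
  kubectl rollout status deployment -n asset-solutions mini-usf --timeout=300s
}

# Usage, from the repository root (the us-east-1 file name is an assumption
# that matches the make target above):
#   set_client_secret aws/terraform/tfvars/us-east-1.tfvars   # paste, Enter
#   apply_and_restart
```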