Skip to content

Key Rotation

Jump to bottom
mvgijssel edited this page Dec 27, 2023 · 11 revisions

Rotate BuildBuddy Teleport identity

  1. Login to provisioner

    bazel run //:tsh -- login --user teleport-admin
bazel run //:tsh -- ssh ubuntu@provisioner

  2. Generate Teleport identity for buildbuddy for 180 days using:

    sudo tctl auth sign -o identity --user buildbuddy --format file --ttl 4320h

  3. Copy the contents into op://vgijssel-dev/teleport_buildbuddy_identity and op://vgijssel-prod/teleport_buildbuddy_identity

  • vgijssel-dev / vgijssel-prod service account token 1Password

  1. Remove the identity file

    sudo rm identity

GitHub

  • PULUMI_ACCESS_TOKEN GitHub actions for Pulumi
  • BUILDBUDDY_ORG_API_KEY for Provisioner environment for BuildBuddy stored as GitHub Actions - Provisioner Environment

Bunq

  1. Run bazel run //tools/bunq2ynab:generate_oauth_token to start generating a new token
  2. Open the QR code with the Bunq app
  3. In the Bunq app select all the accounts that are accessible by the token
  4. Accept the connection
  5. Copy the token from the browser and paste it into "op://vgijssel-prod/bunq_api_token/credential"
  6. Run bazel run bazel run //tools/bunq2ynab:list_user-prod` and validate the token works
Clone this wiki locally