Credentials and secrets

Credentials store

Sensitive configuration parameters are stored in the digitalmarketplace-credentials repository.

Mozilla SOPS

We use Mozilla SOPS to encrypt and decrypt secrets using AWS KMS.

SOPS can create a file that stores your secrets in your chosen format along with some metadata about how the file should be decrypted.

Because Digital Marketplace encrypts its files with AWS KMS keys, SOPS will attempt to retrieve the correct key from AWS KMS (using the stored profile of the user) and use it to decrypt the file.
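
The layout described above (encrypted values next to a metadata block naming the KMS keys) can be checked before a file is committed. The following is an added example, not code from the credentials repository: it assumes a SOPS file in JSON format with SOPS's default "_unencrypted" suffix, the function names are hypothetical, and the sample file, ARN and ciphertexts are constructed.

```python
import json
import re

# Shape of a SOPS-encrypted value: ENC[AES256_GCM,data:...,iv:...,tag:...,type:...]
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:[^,]*,iv:[^,]+,tag:[^,]+,type:\w+\]$")

# Constructed sample of a SOPS JSON file; the ARN, ciphertexts and key names are made up.
SAMPLE = """{
  "api_token": "ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]",
  "database": {"user_unencrypted": "marketplace", "password": "left-in-plaintext"},
  "sops": {
    "kms": [{"arn": "arn:aws:kms:eu-west-1:111122223333:key/00000000-0000-0000-0000-000000000000",
             "created_at": "2020-01-01T00:00:00Z", "enc": "Y29uc3RydWN0ZWQ=", "aws_profile": ""}],
    "lastmodified": "2020-01-01T00:00:00Z",
    "mac": "ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]",
    "version": "3.7.3"
  }
}"""


def plaintext_leaves(node, path=""):
    """Yield paths of leaf values that should be encrypted but are not."""
    if isinstance(node, dict):
        for key, value in node.items():
            # Assumption: default SOPS behaviour, where keys ending in
            # "_unencrypted" are deliberately left in cleartext.
            if key.endswith("_unencrypted"):
                continue
            yield from plaintext_leaves(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from plaintext_leaves(value, f"{path}/{i}")
    elif not (isinstance(node, str) and ENC_VALUE.match(node)):
        yield path


def audit(text):
    """Return the KMS key ARNs the file names and any values left in plaintext."""
    doc = json.loads(text)
    meta = doc.pop("sops", None)
    if meta is None:
        raise ValueError("no sops metadata block: file is not SOPS-encrypted")
    return {
        "kms_arns": [k["arn"] for k in meta.get("kms") or []],
        "plaintext": sorted(plaintext_leaves(doc)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

The listed ARNs are the keys the user's AWS profile must be allowed to use for decryption; a non-empty "plaintext" list means a secret was added without going through SOPS.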

For more about SOPS in general, please read the official documentation, which is informative and gives you a good overview.

For specific information about how SOPS is used on Digital Marketplace, please consult the README in the credentials repository.

SSH keys

To access Jenkins via SSH, you will need to add your GitHub ID to the file jenkins-vars/jenkins.yaml. See adding and removing access for new starters for more details.