Rotating Secrets IV - Concourse

This page is primarily for the cloud.gov team. It's public so that you can learn from it. For help using cloud.gov, see the user docs.

Introduction

We integrate and deliver cloud.gov with Concourse. Concourse is also used for the 18F/concourse-broker, where it is called tenant-concourse-*.

Working with the deployment

The deployment for Concourse is in the cg-deploy-concourse repository. You will need to update both the deployment pipelines for Concourse and the Concourse Jumpboxes used to access the system.

Dependencies

Rotating Concourse secrets has some external dependencies on Bosh secrets and IAM roles. Please complete those rotations first, or reference them at the same time, to properly rotate Concourse credentials.

Working with multiple Concourses

Concourse is running in multiple environments of cloud.gov. Take note of the Bosh targets in the deploy-concourse pipeline. Save the pipeline locally to a ./tmp directory.

mkdir -p tmp
fly --target "${ci_env}" \
    get-pipeline \
    --pipeline deploy-concourse \
    > tmp/deploy-concourse.pipeline.yml
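
One way to take note of the Bosh targets in the saved file, as an added example that is not part of the cloud.gov documentation. It assumes the pipeline defines resources of a type named bosh-deployment whose source has a target key; the resource names and hosts in the sample are constructed.

```shell
# Added example: print "resource<TAB>target" for each bosh-deployment resource
# in a saved pipeline. Assumes block-style YAML, one `key: value` per line.
list_bosh_targets() {
    awk '
    function emit() {
        if (rtype ~ /bosh-deployment/ && target != "")
            printf "%s\t%s\n", name, target
        name = rtype = target = ""
    }
    function value(s) { sub(/^[^:]*:[ \t]*/, "", s); gsub(/^"|"$/, "", s); return s }
    /^[^ \t#-]/ {                       # any top-level key closes the section
        if (in_res) emit()
        in_res = ($0 ~ /^resources:/); dash = -1; next
    }
    !in_res { next }
    {
        match($0, /^ */); indent = RLENGTH; key = substr($0, indent + 1)
        if (key ~ /^- / && (dash < 0 || indent == dash)) {   # next resource
            emit(); dash = indent; key = substr(key, 3); indent += 2
        }
        if (indent == dash + 2 && key ~ /^name:/) name = value(key)
        if (indent == dash + 2 && key ~ /^type:/) rtype = value(key)
        if (indent >  dash + 2 && key ~ /^target:/) target = value(key)
    }
    END { if (in_res) emit() }
    ' "$@"
}

# Constructed sample input; every name and host below is made up.
sample_pipeline() {
    cat <<'EOF'
jobs:
- name: deploy-concourse-staging
resources:
- name: concourse-config
  type: git
- name: concourse-staging-deployment
  type: bosh-deployment
  source:
    target: bosh.staging.example.invalid
- source:
    target: bosh.production.example.invalid
  name: concourse-production-deployment
  type: bosh-deployment
resource_types:
- name: bosh-deployment
EOF
}
sample_pipeline | list_bosh_targets
```

Run it as `list_bosh_targets tmp/deploy-concourse.pipeline.yml` against the real file. The saved pipeline can contain credentials that were interpolated when the pipeline was set, so keep tmp/ out of version control and remove the file once the rotation is done.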

Pull down the secrets files for each Concourse. Reference the secret key management documentation for downloading and uploading those secrets.