Skip to main content
U.S. flag

An official website of the United States government

Rotating Secrets IV - Concourse


We integrate and deliver with Concourse. Concourse is also used for the 18F/concourse-broker and is called tenant-concourse-*.

Working with the deployment

The deployment for Concourse is in the cg-deploy-concourse repository. You will need to update both the deployment pipelines for Concourse and the Concourse Jumpboxes used to access the system.


Rotating Concourse secrets has some external dependencies with Bosh secrets and IAM roles. Please complete these rotations first, or reference them at the same time to properly rotate Concourse credentials.

Working with multiple Concourses

Concourse is running in multiple environments of Take note the of the Bosh targets in the deploy-concourse pipeline. Save it locally to a ./tmp directory.

fly --target ${ci_env} \
    get-pipeline \
    --pipeline deploy-concourse \
> tmp/deploy-concourse.pipeline.yml

Pull down the secrets files for each Concourse. Reference the secret key management documentation for downloading and uploading those secrets.