Environment variables were not shell friendly

The environment names were dictated by some library we no longer use. I removed
that dependency, but kept the environment variables the same to not break stuff
anything.

This commit changes that to be shell-friendly. Before, if you wanted to write a
script to run the app, you'd need to resort to using either an external app, or
`env -S $(< envfile) flask ...`.

By swapping to dashes we're a little more generic in the kinds of ways you can
call the app.

Jira: IAM-950

Author: bheesham

clouddeploy/sso-dashboard-dev.template.yaml

@@ -49,42 +49,38 @@ spec:
         env:
           - name: 'TARGET'
             value: 'Staging'
-          - name: SSO-DASHBOARD_DEBUG
-            value: True
-          - name: SSO-DASHBOARD_TESTING
+          - name: TESTING
             value: False
-          - name: SSO-DASHBOARD_CSRF_ENABLED
+          - name: CSRF_ENABLED
             value: True
-          - name: SSO-DASHBOARD_PERMANENT_SESSION
+          - name: PERMANENT_SESSION
             value: True
-          - name: SSO-DASHBOARD_PERMANENT_SESSION_LIFETIME
+          - name: PERMANENT_SESSION_LIFETIME
             value: 86400
-          - name: SSO-DASHBOARD_SESSION_COOKIE_HTTPONLY
+          - name: SESSION_COOKIE_HTTPONLY
             value: True
-          - name: SSO-DASHBOARD_PREFERRED_URL_SCHEME
+          - name: PREFERRED_URL_SCHEME
             value: https
-          - name: SSO-DASHBOARD_OIDC_CLIENT_ID
+          - name: OIDC_CLIENT_ID
             value: 2KNOUCxN8AFnGGjDCGtqiDIzq8MKXi2h
-          - name: SSO-DASHBOARD_OIDC_DOMAIN
+          - name: OIDC_DOMAIN
             value: idp-dev.iam.mozilla.com
-          - name: SSO-DASHBOARD_SERVER_NAME
+          - name: SERVER_NAME
             value: sso.allizom.org
-          - name: SSO-DASHBOARD_CDN
+          - name: CDN
             value: https://cdn.sso.mozilla.com
-          - name: SSO-DASHBOARD_S3_BUCKET
+          - name: S3_BUCKET
             value: sso-dashboard.configuration
-          - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY
+          - name: FORBIDDEN_PAGE_PUBLIC_KEY
             value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n"
-          - name: SSO-DASHBOARD_REDIS_CONNECTOR
+          - name: REDIS_CONNECTOR
             value: 10.182.16.6:6379
           - name: AWS_DEFAULT_REGION
             value: us-west-2
           - name: ENVIRONMENT
             value: development
           - name: FLASK_DEBUG
             value: False
-          - name: DEBUG
-            value: False
           - name: LANG
             value: en_US.utf8
           - name: FLASK_APP
@@ -96,12 +92,12 @@ spec:
               secretKeyRef:
                 key: latest
                 name: sso-dashboard-aws-secret-access-key
-          - name: SSO-DASHBOARD_SECRET_KEY
+          - name: SECRET_KEY
             valueFrom:
               secretKeyRef:
                 key: latest
                 name: sso-dashboard-dev-secret-key
-          - name: SSO-DASHBOARD_OIDC_CLIENT_SECRET
+          - name: OIDC_CLIENT_SECRET
             valueFrom:
               secretKeyRef:
                 key: latest

clouddeploy/sso-dashboard-prod.template.yaml

@@ -49,42 +49,38 @@ spec:
         env:
           - name: TARGET
             value: Prod
-          - name: SSO-DASHBOARD_DEBUG
+          - name: TESTING
             value: False
-          - name: SSO-DASHBOARD_TESTING
-            value: False
-          - name: SSO-DASHBOARD_CSRF_ENABLED
+          - name: CSRF_ENABLED
             value: True
-          - name: SSO-DASHBOARD_PERMANENT_SESSION
+          - name: PERMANENT_SESSION
             value: True
-          - name: SSO-DASHBOARD_PERMANENT_SESSION_LIFETIME
+          - name: PERMANENT_SESSION_LIFETIME
             value: 86400
-          - name: SSO-DASHBOARD_SESSION_COOKIE_HTTPONLY
+          - name: SESSION_COOKIE_HTTPONLY
             value: True
-          - name: SSO-DASHBOARD_PREFERRED_URL_SCHEME
+          - name: PREFERRED_URL_SCHEME
             value: https
-          - name: SSO-DASHBOARD_OIDC_CLIENT_ID
+          - name: OIDC_CLIENT_ID
             value: UCOY390lYDxgj5rU8EeXRtN6EP005k7V
-          - name: SSO-DASHBOARD_OIDC_DOMAIN
+          - name: OIDC_DOMAIN
             value: auth.mozilla.auth0.com
-          - name: SSO-DASHBOARD_SERVER_NAME
+          - name: SERVER_NAME
             value: sso.mozilla.com
-          - name: SSO-DASHBOARD_CDN
+          - name: CDN
             value: https://cdn.sso.mozilla.com
-          - name: SSO-DASHBOARD_S3_BUCKET
+          - name: S3_BUCKET
             value: sso-dashboard.configuration
-          - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY
+          - name: FORBIDDEN_PAGE_PUBLIC_KEY
             value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n"
-          - name: SSO-DASHBOARD_REDIS_CONNECTOR
+          - name: REDIS_CONNECTOR
             value: 10.182.16.6:6379
           - name: AWS_DEFAULT_REGION
             value: us-west-2
           - name: ENVIRONMENT
             value: production
           - name: FLASK_DEBUG
             value: False
-          - name: DEBUG
-            value: False
           - name: LANG
             value: en_US.utf8
           - name: FLASK_APP
@@ -96,12 +92,12 @@ spec:
               secretKeyRef:
                 key: latest
                 name: sso-dashboard-aws-secret-access-key
-          - name: SSO-DASHBOARD_SECRET_KEY
+          - name: SECRET_KEY
             valueFrom:
               secretKeyRef:
                 key: latest
                 name: sso-dashboard-prod-secret-key
-          - name: SSO-DASHBOARD_OIDC_CLIENT_SECRET
+          - name: OIDC_CLIENT_SECRET
             valueFrom:
               secretKeyRef:
                 key: latest

clouddeploy/sso-dashboard-staging.template.yaml

@@ -49,42 +49,38 @@ spec:
         env:
           - name: TARGET
             value: Prod
-          - name: SSO-DASHBOARD_DEBUG
+          - name: TESTING
             value: False
-          - name: SSO-DASHBOARD_TESTING
-            value: False
-          - name: SSO-DASHBOARD_CSRF_ENABLED
+          - name: CSRF_ENABLED
             value: True
-          - name: SSO-DASHBOARD_PERMANENT_SESSION
+          - name: PERMANENT_SESSION
             value: True
-          - name: SSO-DASHBOARD_PERMANENT_SESSION_LIFETIME
+          - name: PERMANENT_SESSION_LIFETIME
             value: 86400
-          - name: SSO-DASHBOARD_SESSION_COOKIE_HTTPONLY
+          - name: SESSION_COOKIE_HTTPONLY
             value: True
-          - name: SSO-DASHBOARD_PREFERRED_URL_SCHEME
+          - name: PREFERRED_URL_SCHEME
             value: https
-          - name: SSO-DASHBOARD_OIDC_CLIENT_ID
+          - name: OIDC_CLIENT_ID
             value: UCOY390lYDxgj5rU8EeXRtN6EP005k7V
-          - name: SSO-DASHBOARD_OIDC_DOMAIN
+          - name: OIDC_DOMAIN
             value: auth.mozilla.auth0.com
-          - name: SSO-DASHBOARD_SERVER_NAME
+          - name: SERVER_NAME
             value: staging.sso.mozilla.com
-          - name: SSO-DASHBOARD_CDN
+          - name: CDN
             value: https://cdn.sso.mozilla.com
-          - name: SSO-DASHBOARD_S3_BUCKET
+          - name: S3_BUCKET
             value: sso-dashboard.configuration
-          - name: SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY
+          - name: FORBIDDEN_PAGE_PUBLIC_KEY
             value: "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUNJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcStWVXhsWWlENUF1aGh3a0hEb3kNCmFXV0YzcFlzQmxGaDlUendZeGNNR282TFdUODljb0xuUDdWVHlLbGdsTklmTG5KZDdqY2E5VUJ1QjhIVFBQYWoNCk5Ibk5UaUZ5UEZTbjFoaVhqSDJieUNDNnA1ZnByRWFEazV3YVpVNTgwaTRDaVlYcWtrWWdVbXVINW91Mnl4NW4NClZCVGJmcityZFQ0a0tRdi9Dek9ZR1o3K05NVUdXYTMvNXRMZklyRXZnV2tTTEluemtVZVhUS3huRSs5a1AvU2ENCkM4SDZsNnBKbm9oOVpiY3J4RGhkbVl6TEx2c0tIQ2tidmdCczNiaUFkSENzeHFEeFcxSGlOMzJYeEc4Y1pyc00NCjV1ZDdnbHNNY2VZWk82aENTZW4vckFUWmJkc3RETWNLa2YzMTBpUFgxRWF5ZzNPcDNZUlVTdkxzVmp5bmxQZmYNClRSVjFmQ2hJaXFwQWdnS2x4MXdqRUk2UVBuQWdpU1E0WEJweTFCK3FUSTltd1BhcE5yY2IzbkpFNDFNT0dEZGwNCmFLcHlMeGdaeEI4NmNKYTlVQXZGSEFOR08zRXA1Vmd0UjNoUStqWkY2RGFHUThjMHNyaHg4MTc4dWJybFY2NGsNCnVxK1ozVUZBZHhDbHZTRnc0eDVyTm1tV2dTN280OG9yMnhWdXVXMTQxNEZYTVBvaytDNUdabGd6ZG5zZ3cxWlQNCmhzTWNldG1temthUTlyeWxmYXVRR1gzMk5lZ3FlOWFyR0VGbXBqYjJUb2w0Tk1RLy83MzRuVFN2Q1lmL0o0Qi8NCnR0NjJzOXRBTU1ZdkpvN0ZRV2o0Qks3dUYvYmxTbTczYUVvVlFiNHdzWjJRWWpMeVlWcGh2UFprYVdaZHA0Wi8NCng0STlPT3lOYThtaGZkK3h0OU9uWXVzQ0F3RUFBUT09DQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0NCg==\n"
-          - name: SSO-DASHBOARD_REDIS_CONNECTOR
+          - name: REDIS_CONNECTOR
             value: 10.182.16.6:6379
           - name: AWS_DEFAULT_REGION
             value: us-west-2
           - name: ENVIRONMENT
             value: staging
           - name: FLASK_DEBUG
             value: False
-          - name: DEBUG
-            value: False
           - name: LANG
             value: en_US.utf8
           - name: FLASK_APP
@@ -96,12 +92,12 @@ spec:
               secretKeyRef:
                 key: latest
                 name: sso-dashboard-aws-secret-access-key
-          - name: SSO-DASHBOARD_SECRET_KEY
+          - name: SECRET_KEY
             valueFrom:
               secretKeyRef:
                 key: latest
                 name: sso-dashboard-prod-secret-key
-          - name: SSO-DASHBOARD_OIDC_CLIENT_SECRET
+          - name: OIDC_CLIENT_SECRET
             valueFrom:
               secretKeyRef:
                 key: latest

dashboard/config.py

@@ -9,36 +9,41 @@ class Default:
     """Defaults for the configuration objects."""
 
     ENVIRONMENT: str = os.environ.get("ENVIRONMENT", "local")
-    DEBUG: bool = os.environ.get("SSO-DASHBOARD_DEBUG", "True") == "True"
-    TESTING: bool = os.environ.get("SSO-DASHBOARD_TESTING", "True") == "True"
 
-    CSRF_ENABLED: bool = os.environ.get("SSO-DASHBOARD_CSRF_ENABLED", "True") == "True"
-    PERMANENT_SESSION: bool = os.environ.get("SSO-DASHBOARD_PERMANENT_SESSION", "True") == "True"
+    # Flask makes use of the `FLASK_DEBUG` environment variable, with or
+    # without using `Flask.config.from_prefixed_env` (a method we don't
+    # use).
+    DEBUG: bool = os.environ.get("FLASK_DEBUG", "True") == "True"
+
+    TESTING: bool = os.environ.get("TESTING", "True") == "True"
+
+    CSRF_ENABLED: bool = os.environ.get("CSRF_ENABLED", "True") == "True"
+    PERMANENT_SESSION: bool = os.environ.get("PERMANENT_SESSION", "True") == "True"
     PERMANENT_SESSION_LIFETIME: datetime.timedelta = datetime.timedelta(
-        seconds=int(os.environ.get("SSO-DASHBOARD_PERMANENT_SESSION_LIFETIME", "86400"))
+        seconds=int(os.environ.get("PERMANENT_SESSION_LIFETIME", "86400"))
     )
 
-    SESSION_COOKIE_SAMESITE: str = os.environ.get("SSO-DASHBOARD_SESSION_COOKIE_SAMESITE", "lax")
-    SESSION_COOKIE_HTTPONLY: bool = os.environ.get("SSO-DASHBOARD_SESSION_COOKIE_HTTPONLY", "True") == "True"
+    SESSION_COOKIE_SAMESITE: str = os.environ.get("SESSION_COOKIE_SAMESITE", "lax")
+    SESSION_COOKIE_HTTPONLY: bool = os.environ.get("SESSION_COOKIE_HTTPONLY", "True") == "True"
 
     SECRET_KEY: str
-    SERVER_NAME: str = os.environ.get("SSO-DASHBOARD_SERVER_NAME", "localhost:8000")
+    SERVER_NAME: str = os.environ.get("SERVER_NAME", "localhost:8000")
     SESSION_COOKIE_NAME: str
     CDN: str
 
     S3_BUCKET: str
     FORBIDDEN_PAGE_PUBLIC_KEY: bytes
 
-    PREFERRED_URL_SCHEME: str = os.environ.get("SSO-DASHBOARD_PREFERRED_URL_SCHEME", "https")
+    PREFERRED_URL_SCHEME: str = os.environ.get("PREFERRED_URL_SCHEME", "https")
     REDIS_CONNECTOR: str
 
     def __init__(self):
         self.SESSION_COOKIE_NAME = f"{self.SERVER_NAME}_session"
-        self.CDN = os.environ.get("SSO-DASHBOARD_CDN", f"https://cdn.{self.SERVER_NAME}")
-        self.REDIS_CONNECTOR = os.environ["SSO-DASHBOARD_REDIS_CONNECTOR"]
-        self.SECRET_KEY = os.environ["SSO-DASHBOARD_SECRET_KEY"]
-        self.S3_BUCKET = os.environ["SSO-DASHBOARD_S3_BUCKET"]
-        self.FORBIDDEN_PAGE_PUBLIC_KEY = base64.b64decode(os.environ["SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY"])
+        self.CDN = os.environ.get("CDN", f"https://cdn.{self.SERVER_NAME}")
+        self.REDIS_CONNECTOR = os.environ["REDIS_CONNECTOR"]
+        self.SECRET_KEY = os.environ["SECRET_KEY"]
+        self.S3_BUCKET = os.environ["S3_BUCKET"]
+        self.FORBIDDEN_PAGE_PUBLIC_KEY = base64.b64decode(os.environ["FORBIDDEN_PAGE_PUBLIC_KEY"])
 
 
 class OIDC:
@@ -52,12 +57,12 @@ class OIDC:
 
     def __init__(self):
         """General object initializer."""
-        self.OIDC_DOMAIN = os.environ["SSO-DASHBOARD_OIDC_DOMAIN"]
-        self.OIDC_CLIENT_ID = os.environ["SSO-DASHBOARD_OIDC_CLIENT_ID"]
-        self.OIDC_CLIENT_SECRET = os.environ["SSO-DASHBOARD_OIDC_CLIENT_SECRET"]
+        self.OIDC_DOMAIN = os.environ["OIDC_DOMAIN"]
+        self.OIDC_CLIENT_ID = os.environ["OIDC_CLIENT_ID"]
+        self.OIDC_CLIENT_SECRET = os.environ["OIDC_CLIENT_SECRET"]
         # Check for a prefixed environment variable, otherwise fallback to the
         # unprefixed one.
-        if redirect_uri := os.environ.get("SSO-DASHBOARD_OIDC_REDIRECT_URI"):
+        if redirect_uri := os.environ.get("OIDC_REDIRECT_URI"):
             self.OIDC_REDIRECT_URI = redirect_uri
         else:
             self.OIDC_REDIRECT_URI = os.environ["OIDC_REDIRECT_URI"]

env.example

@@ -4,46 +4,46 @@
 # This should be random in production deployment used in session security.
 # Easy way to generate:
 # openssl rand -hex 64
-SSO-DASHBOARD_SECRET_KEY="this is a secret key"
+SECRET_KEY="this is a secret key"
 
 # local, development, staging, or production.
 ENVIRONMENT="local"
 
 # OpenID Connect Specific Parameters
 # We use Auth0, the configs for this would be under the Application "Settings"
 # page.
-SSO-DASHBOARD_OIDC_DOMAIN="auth0.example.com"
-SSO-DASHBOARD_OIDC_CLIENT_ID=""
-SSO-DASHBOARD_OIDC_CLIENT_SECRET=""
+OIDC_DOMAIN="auth0.example.com"
+OIDC_CLIENT_ID=""
+OIDC_CLIENT_SECRET=""
 
 # Yes, this one is not namespaced.
 # DEBT(bhee): standardize at some point.
 OIDC_REDIRECT_URI='https://localhost.localdomain:8000/redirect_uri'
 
-# Controls the logging levels
-SSO-DASHBOARD_DEBUG=True
+# Controls the logging levels.
+FLASK_DEBUG=True
 
 # Unused right now.
-SSO-DASHBOARD_TESTING=False
+TESTING=False
 
 # Reasonable for local development, you'll want to change these in production
 # though.
-SSO-DASHBOARD_CSRF_ENABLED=True
-SSO-DASHBOARD_PERMANENT_SESSION=True
-SSO-DASHBOARD_PERMANENT_SESSION_LIFETIME=86400
-SSO-DASHBOARD_SESSION_COOKIE_HTTPONLY=True
-SSO-DASHBOARD_SERVER_NAME=localhost.localdomain:8000
-SSO-DASHBOARD_PREFERRED_URL_SCHEME=http
+CSRF_ENABLED=True
+PERMANENT_SESSION=True
+PERMANENT_SESSION_LIFETIME=86400
+SESSION_COOKIE_HTTPONLY=True
+SERVER_NAME=localhost.localdomain:8000
+PREFERRED_URL_SCHEME=http
 
 # You'll need a running redis.
 # See compose.yml.
-SSO-DASHBOARD_REDIS_CONNECTOR=redis:6379
+REDIS_CONNECTOR=redis:6379
 
 # Where we publish the `apps.yml` file.
-SSO-DASHBOARD_CDN=https://cdn.sso.mozilla.com
-SSO-DASHBOARD_S3_BUCKET=sso-dashboard.configuration
+CDN=https://cdn.sso.mozilla.com
+S3_BUCKET=sso-dashboard.configuration
 
 # Used to decode the JWS from Auth0 (e.g. for if we redirect back and there's some
 # context Auth0 passes us, like the error code.)
 # Base64 + PEM encoded.
-SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY=""
+FORBIDDEN_PAGE_PUBLIC_KEY=""

tests/test_vanity.py

@@ -13,11 +13,11 @@ def externals(monkeypatch):
     models_dir = Path(__file__).parent / "models"
     monkeypatch.setattr("os.path.dirname", lambda _: models_dir)
     # Internal to how Configs work.
-    monkeypatch.setenv("SSO-DASHBOARD_REDIS_CONNECTOR", "foobar")
-    monkeypatch.setenv("SSO-DASHBOARD_SECRET_KEY", "deadbeef")
-    monkeypatch.setenv("SSO-DASHBOARD_S3_BUCKET", "")
-    monkeypatch.setenv("SSO-DASHBOARD_FORBIDDEN_PAGE_PUBLIC_KEY", "")
-    monkeypatch.setenv("SSO-DASHBOARD_CDN", "https://localhost")
+    monkeypatch.setenv("REDIS_CONNECTOR", "foobar")
+    monkeypatch.setenv("SECRET_KEY", "deadbeef")
+    monkeypatch.setenv("S3_BUCKET", "")
+    monkeypatch.setenv("FORBIDDEN_PAGE_PUBLIC_KEY", "")
+    monkeypatch.setenv("CDN", "https://localhost")
 
 
 @pytest.fixture