[GH Request] Rotate edx_smtp_username and edx_smtp_password #876
Comments
katebygrace
added
the
github-request
|
Thank you for your report! @openedx/axim-oncall will triage within a business day. Simple requests usually take 2-3 business days to resolve; more complex requests could take longer. |
|
@katebygrace I've added a new |
|
Thanks @feanil ! I added the new IAM user key/secret. Feel free to add and hit me up on slack if you have any trouble! |
|
@katebygrace It looks like the creds are passed strait through as the SMTP creds. Can you confirm that you've tested this and confirmed that you're getting the e-mails you're sending? This is where the creds are used if that's helpful: https://github.com/openedx/.github/blob/3968981307ed2c11a83bf27483c2cacbe8c5f64c/.github/workflows/upgrade-python-requirements.yml#L94-L118 |
|
@katebygrace is there more left to do on this one? |
|
@brian-smith-tcril Where I left this was, we have the creds but I was waiting on confirmation that they were tested before I updated the secret in github since that's a one-way operation and we can't roll-back to the old creds. |
|
@katebygrace , can you respond to Feanil's question above so I can update the secrets in GitHub and close this out? |
|
Pinged Kate in Slack yesterday and also didn't hear back, so I'm closing this as stale. @feanil do you want to put a note in with those creds that they're not currently in use and point back to this ticket? I don't seem to have access to that shared password folder. |
github-project-automation
bot
moved this from Blocked
to Done
in Axim Engineering Tasks
Firm Name
2u
Urgency
Low (2 weeks)
Requested Change
Hey there,
I'd like to rotate all IAM users in production, including openedx-smtp. I believe this is stored in your GHA secrets as edx_smtp_username / edx_smtp_password. Let me know a good place to toss the creds. Thanks!
Previous ticket for reference #842
Reasoning
Security
The text was updated successfully, but these errors were encountered: