Setup the environment's specific env.yaml

Pre-requisites:

• Git - Before you start, you have to make git available on your computer. Getting-Started-Installing-Git.

• Create an AWS KMS key for encrypt and decrypt the secrets and configure the same https://github.com/mozilla/sops#updatekeys-command

• Sops - Install Mozilla sops https://github.com/mozilla/sops

• KMS key - https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html

• Google API key - https://developers.google.com/maps/documentation/embed/get-api-key

• Helm - Install Helm https://helm.sh/docs/intro/install/

• Domain Name - If you don’t have the domain, Please procure the domain name. ( you can procure it from GoDaddy or any other domain registrar )

• Email Account - Email account for the email notification.

• SMS gateway - Please get the SMS gateway (you can use https://www.smscountry.com/registration or any other SMS gateway provider)

• Two s3 buckets - 1 - assets s3 bucket to keep environment specific pictures and custom-js-injection scripts. 2 - Filestore.

• Payment Gateway - Payment Gateway Service

• IAM user - Access and secret key to access filestore bucket. Please create and attach the IAM policy to the user. ( writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket )

Steps To Setup environment file:

• Please clone the Digit-DevOps repo and checkout to the release branch.

• Create your environment specific file. Go to the environments folder, it is in deploy-as-code/helm/environments.

  • Copy and rename the existing egov-demo-sample.yaml and egov-demo-sample-secrets.yaml files with your environment name.

Example: pb-uat.yaml and pb-uat-secrets.yaml

• Secrets Management using Mozilla sops - Mozilla SOPS is a cli tool to works with filetypes that relies on key:value format (json, yaml, env) and does that by **encrypting only the values**, allowing us to see the keys and thereby comprehend the set of secrets that are present on that file without leaking the values.

  • sops is an editor of encrypted files that supports YAML, JSON, ENV, INI, and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

  • Update the sops key https://github.com/mozilla/sops#updatekeys-command

• Add your domain name.

Open

• Update the egov-config details:

  • Replace the db-host, db-name, and db-url.

  • Upade the db username and password from the env-secrets.yaml. flywayUsername and flywayPassword would be the same as db username and password.

  • Please also update the other values accordingly to your values, like an s3-assets-bucket name and egov-state-level-tenant-id.

  • Note - assets s3 bucket name should be started from your egov-state-level-tenant-id. Example If your tenant id is in the assets bucket name should be in-epass-assets.

Open

• Update the filestore bucket details:

  • update the aws-key and aws-secret-key from env-secrets.yaml.

• Repace the SMS Notification details with your SMS gateway details:

  • update the username and password from env-secrets.yaml.

• Update the mail notification values from env-secrets.yaml.

• Update the Google map key. If you don’t have one, please create the same https://developers.google.com/maps/documentation/embed/get-api-key

• Update the Payment Gateway details with your details.