Set up the environment-specific env.yaml
Pre-requisites:
Git - Before you start, you have to make git available on your computer. Getting-Started-Installing-Git.
Create an AWS KMS key to encrypt and decrypt the secrets, and configure it: https://github.com/mozilla/sops#updatekeys-command
Sops - Install Mozilla sops https://github.com/mozilla/sops
KMS key - https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html
Google API key - https://developers.google.com/maps/documentation/embed/get-api-key
Helm - Install Helm https://helm.sh/docs/intro/install/
Domain Name - If you don't have a domain, please procure one (you can procure it from GoDaddy or any other domain registrar).
Email Account - Email account for the email notification.
SMS gateway - Please get the SMS gateway (you can use https://www.smscountry.com/registration or any other SMS gateway provider)
Two S3 buckets - 1 - an assets S3 bucket to keep environment-specific pictures and custom-js-injection scripts. 2 - Filestore.
Payment Gateway - Payment Gateway Service
IAM user - Access key and secret key to access the filestore bucket. Please create the IAM policy and attach it to the user (writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket).
Steps to set up the environment file:
Please clone the Digit-DevOps repo and check out the release branch.
Create your environment-specific file. Go to the environments folder; it is in deploy-as-code/helm/environments.
Copy the existing egov-demo-sample.yaml and egov-demo-sample-secrets.yaml files and rename the copies with your environment name.
Example: pb-uat.yaml and pb-uat-secrets.yaml
Secrets Management using Mozilla sops - Mozilla SOPS is a CLI tool that works with file types that rely on a key:value format (json, yaml, env). It works by **encrypting only the values**, so we can still see the keys and understand which secrets are present in a file without leaking their values.
sops is an editor of encrypted files that supports YAML, JSON, ENV, INI, and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
Update the sops key https://github.com/mozilla/sops#updatekeys-command
Add your domain name.
Update the egov-config details:
Replace the db-host, db-name, and db-url.
Update the db username and password from the env-secrets.yaml. flywayUsername and flywayPassword would be the same as db username and password.
Please also update the other values according to your setup, like the s3-assets-bucket name and egov-state-level-tenant-id.
Note - the assets s3 bucket name should start with your egov-state-level-tenant-id. Example: if your tenant id is "in", the assets bucket name should be in-epass-assets.
Update the filestore bucket details:
Update the aws-key and aws-secret-key from env-secrets.yaml.
Replace the SMS Notification details with your SMS gateway details:
Update the username and password from env-secrets.yaml.
Update the mail notification values from env-secrets.yaml.
Update the Google map key. If you don’t have one, please create the same https://developers.google.com/maps/documentation/embed/get-api-key
Update the Payment Gateway details with your details.
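Added example (not part of the Digit-DevOps repo or of sops): since sops encrypts only the values, a secrets file can be checked before commit by confirming that every value outside the sops metadata block is an ENC[...] string. The function name, the key layout in SAMPLE, and the placeholder values are assumptions made for illustration.

```python
# Added example: flag values in a SOPS-managed YAML file that are still plaintext.
# The key layout in SAMPLE is constructed; real egov secrets files may differ.

def check_secrets(text):
    """Return [(line_no, key)] for scalars outside the sops: block that are
    not ENC[...]; (0, "sops") means the sops metadata block is missing."""
    findings, in_sops, saw_sops = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped == "---":
            continue
        # A key at column 0 opens a new top-level section; "sops" is metadata.
        if not line[0].isspace() and not stripped.startswith("-"):
            in_sops = stripped.split(":", 1)[0] == "sops"
            saw_sops = saw_sops or in_sops
        if in_sops:
            continue
        item = stripped[1:].strip() if stripped.startswith("-") else stripped
        if item.startswith("ENC["):          # encrypted list item
            continue
        key, sep, value = item.partition(":")
        if not sep:                          # bare list scalar
            key, value = "(list item)", item
        value = value.strip()
        if value and not value.startswith("ENC["):
            findings.append((no, key.strip()))
    if not saw_sops:
        findings.insert(0, (0, "sops"))
    return findings

# Constructed sample: one value was left unencrypted by mistake.
ENC = "ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:aXY=,tag:dGFn,type:str]"
SAMPLE = f"""\
db:
  username: {ENC}
  password: {ENC}
  flywayUsername: {ENC}
  flywayPassword: PLAINTEXT-PLACEHOLDER
filestore:
  aws-key: {ENC}
  aws-secret-key: {ENC}
sops:
  kms:
    - arn: arn:aws:kms:REGION:ACCOUNT_ID:key/PLACEHOLDER
  mac: {ENC}
"""

if __name__ == "__main__":
    for no, key in check_secrets(SAMPLE):
        print(f"line {no}: {key} is not encrypted")
```

The check is line-based and covers the flat key: value layout sops writes for YAML; it does not decrypt anything or verify the MAC.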