Merge pull request #24 from signalsciences/lisa/add-key-rotation

lsmith500 · web-flow · commit a58bea888198 · 2021-04-12T13:21:13.000-07:00
Lisa/add key rotation
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -16,8 +16,8 @@ jobs:
     steps:
     - uses: aws-actions/configure-aws-credentials@v1
       with:
-        aws-access-key-id: ${{ secrets.SIGSCI_PROD_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.SIGSCI_PROD_SECRET_ACCESS_KEY }}
+        aws-access-key-id: ${{ secrets.SIGSCI_CORE_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.SIGSCI_CORE_SECRET_ACCESS_KEY }}
         aws-region: us-west-2
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -12,8 +12,8 @@ jobs:
       - name: Configure aws credentials
         uses: aws-actions/configure-aws-credentials@v1
         with:
-          aws-access-key-id: ${{ secrets.SIGSCI_PROD_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.SIGSCI_PROD_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.SIGSCI_CORE_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.SIGSCI_CORE_SECRET_ACCESS_KEY }}
           aws-region: us-west-2
       - name: Setup python
         uses: actions/setup-python@v2
diff --git a/.github/workflows/rotate-keys.yml b/.github/workflows/rotate-keys.yml
@@ -0,0 +1,31 @@
+on: 
+    schedule:
+      - cron: '0 17 * * 3' # every Wed at 11 AM PDT
+
+jobs:
+  rotate:
+    name: Rotate IAM User Keys
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.0.0
+      - name: Rotate AWS Access Keys
+        uses: kneemaa/github-action-rotate-aws-secrets@a0336cf15368b9516a0b11d122e96e950da12a7e #Commit sha for v1.1.0
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.SIGSCI_CORE_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.SIGSCI_CORE_SECRET_ACCESS_KEY }}
+          GITHUB_TOKEN: ${{secrets.ROBOTICS_UPDATE_GH_SECRETS}}
+          OWNER_REPOSITORY: ${{github.repository}} 
+          GITHUB_ACCESS_KEY_NAME: "SIGSCI_CORE_ACCESS_KEY_ID"
+          GITHUB_SECRET_KEY_NAME: "SIGSCI_CORE_SECRET_ACCESS_KEY"
+
+      - name: Send Slack Status
+        if: failure()
+        uses: 8398a7/action-slack@45986a1c69e93353648c176ce49eecddebebf64e # Commit sha for v3.9.0
+        with:
+          status: ${{job.status}}
+          author_name: ${{ secrets.AUTHOR_NAME }}
+          username: ${{ secrets.AUTHOR_NAME }}
+          text: Failed to rotate the tokens for ${{ secrets.USERNAME }}
+          channel: ${{ secrets.CHANNEL}}
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} 
