[GH Request] Rotate edx_smtp_username and edx_smtp_password #876
Comments
katebygrace
added
the
github-request
|
Thank you for your report! @openedx/axim-oncall will triage within a business day. Simple requests usually take 2-3 business days to resolve; more complex requests could take longer. |
|
@katebygrace I've added a new |
|
Thanks @feanil ! I added the new IAM user key/secret. Feel free to add and hit me up on slack if you have any trouble! |
|
@katebygrace It looks like the creds are passed strait through as the SMTP creds. Can you confirm that you've tested this and confirmed that you're getting the e-mails you're sending? This is where the creds are used if that's helpful: https://github.com/openedx/.github/blob/3968981307ed2c11a83bf27483c2cacbe8c5f64c/.github/workflows/upgrade-python-requirements.yml#L94-L118 |
|
@katebygrace is there more left to do on this one? |
|
@brian-smith-tcril Where I left this was, we have the creds but I was waiting on confirmation that they were tested before I updated the secret in github since that's a one-way operation and we can't roll-back to the old creds. |
|
@katebygrace , can you respond to Feanil's question above so I can update the secrets in GitHub and close this out? |
|
Pinged Kate in Slack yesterday and also didn't hear back, so I'm closing this as stale. @feanil do you want to put a note in with those creds that they're not currently in use and point back to this ticket? I don't seem to have access to that shared password folder. |
Firm Name
2u
Urgency
Low (2 weeks)
Requested Change
Hey there,
I'd like to rotate all IAM users in production, including openedx-smtp. I believe this is stored in your GHA secrets as edx_smtp_username / edx_smtp_password. Let me know a good place to toss the creds. Thanks!
Previous ticket for reference #842
Reasoning
Security
The text was updated successfully, but these errors were encountered: