Skip to content

Commit

Permalink
Merge pull request #6215 from connext/fix/rotate_keys
Browse files Browse the repository at this point in the history
fix: workaround lambda env var limit
  • Loading branch information
preethamr authored May 21, 2024
2 parents 972bf21 + 393f51d commit a2b0e72
Show file tree
Hide file tree
Showing 6 changed files with 30 additions and 25 deletions.
14 changes: 7 additions & 7 deletions .github/workflows/build-test-deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -1088,7 +1088,7 @@ jobs:
id: apply
working-directory: ./ops/infra
run: |
terraform apply -auto-approve
terraform apply -auto-approve > /dev/null 2>&1
terraform-services-backend-staging-testnet:
needs: [smoke-tests, terraform-infra]
Expand Down Expand Up @@ -1144,7 +1144,7 @@ jobs:
id: apply
working-directory: ./ops/testnet/staging/backend
run: |
terraform apply -var-file=tfvars.json -auto-approve
terraform apply -var-file=tfvars.json -auto-approve > /dev/null 2>&1
terraform-services-core-staging-testnet:
needs: [smoke-tests, terraform-infra]
Expand Down Expand Up @@ -1208,7 +1208,7 @@ jobs:
id: apply
working-directory: ./ops/testnet/staging/core
run: |
terraform apply -var-file=tfvars.json -auto-approve
terraform apply -var-file=tfvars.json -auto-approve > /dev/null 2>&1
outputs:
sequencer-server-tags: ${{ needs.smoke-tests.outputs.sequencer-server-tags }}
Expand Down Expand Up @@ -1281,7 +1281,7 @@ jobs:
id: apply
working-directory: ./ops/testnet/prod/core
run: |
terraform apply -var-file=tfvars.json -auto-approve
terraform apply -var-file=tfvars.json -auto-approve > /dev/null 2>&1
outputs:
sequencer-server-tags: ${{ needs.e2e-tests.outputs.sequencer-server-tags }}
Expand Down Expand Up @@ -1349,7 +1349,7 @@ jobs:
id: apply
working-directory: ./ops/testnet/prod/backend
run: |
terraform apply -var-file=tfvars.json -auto-approve
terraform apply -var-file=tfvars.json -auto-approve > /dev/null 2>&1
outputs:
sequencer-server-tags: ${{ needs.e2e-tests.outputs.sequencer-server-tags }}
Expand Down Expand Up @@ -1417,7 +1417,7 @@ jobs:
id: apply
working-directory: ./ops/mainnet/prod/backend
run: |
terraform apply -var-file=tfvars.json -auto-approve
terraform apply -var-file=tfvars.json -auto-approve > /dev/null 2>&1
terraform-services-core-prod-mainnet:
if: github.ref == 'refs/heads/prod'
Expand Down Expand Up @@ -1480,4 +1480,4 @@ jobs:
id: apply
working-directory: ./ops/mainnet/prod/core
run: |
terraform apply -var-file=tfvars.json -auto-approve
terraform apply -var-file=tfvars.json -auto-approve > /dev/null 2>&1
32 changes: 16 additions & 16 deletions ops/env/mainnet/core/secrets.prod.json
Original file line number Diff line number Diff line change
@@ -1,21 +1,21 @@
{
"mainnet_alchemy_key_0": "ENC[AES256_GCM,data:6vGuoZyFhd+cSnXRNeqW+8JCgFvI2K/1tCMrbfH6uZ8=,iv:VCjFv5OtGX2RMprtttFP9oZp2Fuw1h3bpjFP7QPDqSM=,tag:rapnKoaSejWhjH7pAR6WjQ==,type:str]",
"mainnet_alchemy_key_1": "ENC[AES256_GCM,data:eR7gGNwhBIvpRuRyh1m2+ybb9GowP1EN3x5Pc+wzjwQ=,iv:qhQQFE9D3ENmBCLheYn2/rPwh1Rz5au8/1H21WD71MA=,tag:8Rc8oR96zv+JeKAw77Ly9g==,type:str]",
"polygon_alchemy_key_0": "ENC[AES256_GCM,data:bI2cz+N48ytqamQ0h6S0WHpdEn0yOw++16XSpgmfrb8=,iv:7oasLBKj3k7WqZfUfNgcIN1EDyvUvVTFhvRpYohJakA=,tag:nZEYQPKHyxy8sSAzs5G3Eg==,type:str]",
"polygon_alchemy_key_1": "ENC[AES256_GCM,data:UI6rsKVKsZZZlVYOzWJ2jzwSpD+XVL6rihxlw8eBLZw=,iv:2z4R1XAsXbHsrGSkLNjKZHXJ08OgoMiLsRqiHiomNl0=,tag:eYbi6labGacaQzl9oN6Z6Q==,type:str]",
"optimism_alchemy_key_0": "ENC[AES256_GCM,data:f5cbp6zSBXoGfP19DguxDZxcHbykQj3RVsgnXXgBeFA=,iv:rBEzdZQcP712DUYg+DJOAFVbqyGQQkISN6ojwpzQoCo=,tag:MXiAC/5p2ptxmub7rEYtmw==,type:str]",
"optimism_alchemy_key_1": "ENC[AES256_GCM,data:3YR9rUL2ep1ZCOOMe8zUPBiPBoaMpRsSdQbtqqaPYeI=,iv:e8JSRXTN0bGeqGGP82NZjVg1HrLu87sJfvEhapkOJJg=,tag:a50b0IQXZ5N2WLLEuWJM1w==,type:str]",
"arbitrum_alchemy_key_0": "ENC[AES256_GCM,data:s7DiEl80b40CMBFtGF5B4KteWVgLTfiQ81wINr4A/3I=,iv:AR+yuruEw2LdcSn1yWSYRS4l3IViHPhMckR4Lo4vrwU=,tag:KgJyUdg11CBbkEzzvibYlQ==,type:str]",
"arbitrum_alchemy_key_1": "ENC[AES256_GCM,data:YpkTB3bE8H+SRj0NJsSbAZG6bquC8tBppgFrFTdigeY=,iv:MAI4/kQRMpKIVZvIAuU6CjCPDQXpSEsH4jiRsX9942o=,tag:snuC64N+nD9WVNaJKf3yiQ==,type:str]",
"blast_key": "ENC[AES256_GCM,data:wrBspEOVJURCx2yVnwhbHI/y3j0tEjS3fJHjyt0SV0pXgSaa,iv:ujiquRGXLcJAob+n1nnS7PZ8aD3kiImSe0bMIZfonCI=,tag:2XaWmCnsrcntBv7/Xf1WpQ==,type:str]",
"mainnet_alchemy_key_0": "ENC[AES256_GCM,data:fWaWaKN2vTlQ3oibT1aZMALo6ArHiBE0abx+MIS5noo=,iv:zz00Wl0uGrrRs7pDuqOOwsbz1lbVkDnTpdI49texLkQ=,tag:XijJA/2EmIdhMjyaS4TMRA==,type:str]",
"mainnet_alchemy_key_1": "ENC[AES256_GCM,data:Qtcw6mBdx08ENjY1B5kQSMVtL7dPs+2H+b2IsAxXaW4=,iv:aWrQaju/eEKeXMlpAeovX59gaR+/2cZ226MxgkQzWuE=,tag:4ATjBgsxFZs2/rYv0sw8GA==,type:str]",
"polygon_alchemy_key_0": "ENC[AES256_GCM,data:PHS+naoE3IvPOnBD02eBIqve0F7iNVJdAGGw7cOaey8=,iv:b1NxAY3vRl3EYXK5n9X9+A/88JRycnwYm8Y0ygj+1Go=,tag:fIkn3OLZ09byK/BSd8TBUA==,type:str]",
"polygon_alchemy_key_1": "ENC[AES256_GCM,data:aWGKc5anlUQQZ5YFzkEUyDB1KPE/a3TageKWtd9y2kQ=,iv:9a7Vu+ZtXrzZ/JOKqCCKjB0QLQ1U76YWOGKzSpe4Zh4=,tag:G8cTE6WP8n1IkiFtMETFOg==,type:str]",
"optimism_alchemy_key_0": "ENC[AES256_GCM,data:L19XHzy6OsnZ645+1Hol+6zE1bLa+A0dWbNn6I1fVJo=,iv:Z6vOxC3IijThpndZg2cpoFUMERWajDgPcGM+up+VUZ8=,tag:5g2//dxNbwUJ6WDzcZUWVw==,type:str]",
"optimism_alchemy_key_1": "ENC[AES256_GCM,data:6YZ5vlVCGjyQjKJvC3jU6sSBjjyWGWWo266shijPzg0=,iv:gttbkXZPRVmpGfWvyEKQCeLnx/6kEwbJHAKXGDzOjlA=,tag:ZrND8c+Lj1BtfqEtjk4hWA==,type:str]",
"arbitrum_alchemy_key_0": "ENC[AES256_GCM,data:gQbaTTUkApqdpGwIv3Jhe45uMFMk4QUjGxIOVgACt0Y=,iv:IR2H9v7/sgCUR8ghISHleOnzPg2f1531k+fKnZDwZ3I=,tag:Iwg/nY7qC/ehFwcvHrIIIQ==,type:str]",
"arbitrum_alchemy_key_1": "ENC[AES256_GCM,data:AbFg2Au2slJEPoBwToFJGrXVHol7QJwrlntAy2arSi0=,iv:oFsbeDBsVR5Nn/qdiXNDw8uP8mH6A9cLlnWQJznD+cM=,tag:VKcKc3LBFMIAFFqIXZqWLQ==,type:str]",
"blast_key": "ENC[AES256_GCM,data:NJyVh6AK3Ha/OBmuiZVX64Vw/be+uBPrxjeq5D8stUtceY+9,iv:vevQuPBM6P93/nVZOLqagBQqsBW3L0GAzaM7AGkMacc=,tag:QLYg4BvMuG3qOgbitFRu5g==,type:str]",
"xlayer_key": "ENC[AES256_GCM,data:kkCMGxQ/w/OR,iv:P1G/v/FAmNQrTACJLVV3pHe3iods1hY0MJzLUWx5DSw=,tag:VPgIXxtfTWwgxDno7+cpvg==,type:str]",
"pokt_key": "ENC[AES256_GCM,data:ZMWLD7gKQeo+NPr9rzPNxuV+VRhfrwIQ,iv:oZHdi2+roMe0vVfuJEjBWvEFdZdxYvJfU/HzwQp2Fk0=,tag:tZRUMISbvE/ZH+79vOkvug==,type:str]",
"admin_token_router": "ENC[AES256_GCM,data:kX/AG6A7V3ENXsbuBfGCdJmx3v4=,iv:sVDSZrzrUPlrGLSb82aoyePA71LvwETtbpHR/h/Wseo=,tag:+LoZwqNV26Kxj62XmJj7eQ==,type:str]",
"admin_token_sequencer": "ENC[AES256_GCM,data:HQ238buDVCqD8UdOCQR3segDwuE=,iv:JHFLNNz09vUCxCbwzPDW7sDQB+v8knqaIt75+anhO5Q=,tag:MIF02j/Rm1044M2dDAs+lA==,type:str]",
"admin_token_relayer": "ENC[AES256_GCM,data:tDH/skK85ertNh9q,iv:SYdshY7XeYJpxC9z/YTUozfqcpcPB92X4stQ4pfjNgU=,tag:TQ6RJM4wkO23IQ4D5hceEw==,type:str]",
"admin_token_relayer": "ENC[AES256_GCM,data:b/mhKQlDUmRPE/yiZ8pXkw==,iv:0nncMzTgQenRPpzrfd2m28bPoPC1h6u3SQXb+15rurw=,tag:+YQEy3b1OI43k/MuH29rfA==,type:str]",
"router_web3_signer_private_key": "ENC[AES256_GCM,data:2ly2QKtu+WV2Bbi3jlIMFpbE+4K4FNJq2Pr/ueVP9QpBrf7ZsFdsazKOEHXAZEwKwmZIpRr8ptE2y4d27fonL2eL,iv:dSyu5fIHFjHl26p/U7dyJHTaGdZdqs1KBzXwBuMf0r4=,tag:4C0N/L4JzE0gn2EfTtQ6Vw==,type:str]",
"sequencer_web3_signer_private_key": "ENC[AES256_GCM,data:1OIGsVxmJfdvHuulh0dWDI1aDgsQsIvHaDa1S3lkiLla2aWu4jQDQ5x+7VBu30rjQYG+IVNPMYKxNqzDTJPWytit,iv:dxlDSomjWzmT52ZIabsvFJq+4FT0IZL1ogtcmIoLoFA=,tag:Rg3r0TqVGh1BvmJHvxLCng==,type:str]",
"gelato_api_key": "ENC[AES256_GCM,data:FalGxL8ps5itlOevNq6hh5BnkW9Nw8wd+8AWDlnU5yNpNqou5lFpJ25C04A=,iv:EJ6FkhjIdyJxocZpET1a20oLSmYPRfWUQnpQEQsWfC4=,tag:DuOgc//U5lrMvmtNHbU6jA==,type:str]",
"gelato_api_key": "ENC[AES256_GCM,data:Nrkq8lkSquIIbCosP6atqyAq9RAw7zHGkn4ObJm3Zr/Cya3XpnkP0qErTJ0=,iv:b96RLrs0BkaB6/QJXtF/LuJPJgwYzD9DoNmQM9LYnO8=,tag:9eR0bHNctkhaDTXw9wBqHQ==,type:str]",
"rmq_mgt_password": "ENC[AES256_GCM,data:Fh6yjSxEaolLdNqAiC6i,iv:yh01fj38tczY/vtJUyOqhk1hNTwHRCU6/kAhUyKc7fs=,tag:3idaE01FLDJfXwJBylgmrQ==,type:str]",
"dd_api_key": "ENC[AES256_GCM,data:bBkXrPOtm8JdRI4sMdkTcsWAgak1W9V17O6mtHOOmuo=,iv:d/0TOg+NrOKSQCxGMn5bNb2haCEer/ZCfbjACFzzWEE=,tag:wkLw9/q7Df2zDVxsQICpaQ==,type:str]",
"postgres_password": "ENC[AES256_GCM,data:ETn5oIqSeLE+B/mo,iv:eF5F3ZH5WpuSdiKwxDI00MPnjQDxYV+QSS13kLUR/VI=,tag:yQ4FvUqHYivvRI+ZdIy0KQ==,type:str]",
Expand All @@ -31,9 +31,9 @@
"telegram_api_key": "ENC[AES256_GCM,data:ohtV5EQK+kfvVypoxnZRByUAiWCUqNmFWPEj+gBG7E1stjeyuT9shqfCZnRoyw==,iv:zbcGlIJ6XeqEZnWOaTMtMzo8FxWhbAJTN/AzHGT1aTI=,tag:iUmgn9NjD9bbW/Q/m61jWQ==,type:str]",
"telegram_chat_id": "ENC[AES256_GCM,data:guufl6m019rdTER2NSw=,iv:FVZ77fglGgla0uGX5tWoRHz1KukCSLfaXUqqKdOa1II=,tag:BpKbxYm7/0/ZdfA5/cMrsQ==,type:str]",
"betteruptime_api_key": "ENC[AES256_GCM,data:cZFEZWhM8BjzjV57tDficyJLVL9MA+v1,iv:dR2Hc+lfJdipUEPfqSe/5ak6koFmADvgZnijNXBHWmc=,tag:xFL+/ukGUnMGxZ8VXXWhKw==,type:str]",
"infura_key": "ENC[AES256_GCM,data:CFseUllVNz5Hzc3f0ACMEXC8Vud+FpfXWSJNcNrcDWE=,iv:Gl4+q5taIn2amrgIh4didomw4vZBSYBFdgxSbGz4SAM=,tag:K5i2ZNDVKwo6UJ5iIJPiqA==,type:str]",
"graph_api_key": "ENC[AES256_GCM,data:P49Id+KJiffvtnB11Plr92aja0aj9na0v5XCWmbrcI4=,iv:Dte62MAGnvXVLaYD8id2wirAhklhBtpHMEROAjl3oOs=,tag:xkpef4z94QC4vVT5L7qOhA==,type:str]",
"admin_token_lighthouse_prover_subscriber": "ENC[AES256_GCM,data:tVQNVGxtNTu+qL0K+zsCRCg=,iv:DgwnsaSfjG4aN7zZuy4+84LEZe1qjLmRh0eK90xAdg0=,tag:mC0IWKW6drwX87dP0IvK3w==,type:str]",
"infura_key": "ENC[AES256_GCM,data:o6JjmebSmq95k28fCu8ebgquWizm3HrkWjVqxgiKXrI=,iv:dnNLOCfAAw+CZ2KI5XLqV5+mlPDA/ZpqqQ0KGuKo32M=,tag:RHgKA9//h3uYgejqrkYgeg==,type:str]",
"graph_api_key": "ENC[AES256_GCM,data:HML5P8C0C00nh3g0jEM5SuPfgJBEJl/VB0q1z3qSNnk=,iv:+S+8FPrd2mtWGuEWdrH+/l3zKgHy0CE0QkK85HvDM5Q=,tag:X/oValV/TTqzz08C6Cawxw==,type:str]",
"admin_token_lighthouse_prover_subscriber": "ENC[AES256_GCM,data:tRazSIEw8OI+mhsSZoQHfg==,iv:k0kHLi1wn2t/4HOh+PmLN8RHezicChpv2AvVqOYwHJI=,tag:ZzncoBrFcgo16wRyGRxEPw==,type:str]",
"eng_safe_salt": "ENC[AES256_GCM,data:ubs06YvUrDu85g==,iv:iuWfdceLatX8Ng+n03nGOQnkNzxJxTbH4sN4/JM3A8M=,tag:dzO4GeJa53o8M78xT7J9dg==,type:str]",
"sops": {
"kms": [
Expand All @@ -48,8 +48,8 @@
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2024-05-15T22:19:45Z",
"mac": "ENC[AES256_GCM,data:GAhT1yAgx2RVHfCmZXRTp7FVWiEUf4dun5R2Od7sKGq9RkVy8ULE31MViJnz2RweXgMEDBltH8RNYV2ka/hBKe7jeqQAnraoi72ZA0f5S2338Ajpw2Mo4y6BRyi8aAVUrs22cJij3MdBenJyHCBWl7tQcNL8nQ4Iex1mNCXtBSY=,iv:LWzArO7R8A0hB0x3jxe7gND4Mjrg+wXvkPHSsb9CgZo=,tag:m9Mca/Gn35Dozh1BYhwwZQ==,type:str]",
"lastmodified": "2024-05-21T17:58:49Z",
"mac": "ENC[AES256_GCM,data:ivy16H3GpQEcygyaQVTSCGtVgDYREKdWFwajpCekqE/HG+MgWv7QUjg7c94RubKhm1MSE5vlTS7kCoUxOM/2ZNRARg+g1gCxfeuTKokDccy4DJAzXR1SMkdO69430pIf0ZKV+x/L41eujla/+JfCzciGSh6/tVjUG3mgAeKUUSQ=,iv:nzif0B7KWsGn9Nf5ntYuYDbuwChKFbP6/lmwsNZBIkM=,tag:CmCNU2Haw28u6EG1btJ5ug==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
Expand Down
4 changes: 2 additions & 2 deletions ops/mainnet/prod/core/config.tf
Original file line number Diff line number Diff line change
Expand Up @@ -478,13 +478,13 @@ locals {
providers = ["https://ava-mainnet.blastapi.io/${var.blast_key}/ext/bc/C/rpc"]
}
"1835365481" = {
providers = ["https://metis-mainnet.blastapi.io/${var.blast_key}", "https://metis-mainnet.public.blastapi.io", "https://andromeda.metis.io/?owner=1088"]
providers = ["https://metis-mainnet.blastapi.io/${var.blast_key}"]
}
"1835101812" = {
providers = ["https://mantle-mainnet.blastapi.io/${var.blast_key}"]
}
"1836016741" = {
providers = ["https://mode-mainnet.blastapi.io/${var.blast_key}", "https://mainnet.mode.network/"]
providers = ["https://mode-mainnet.blastapi.io/${var.blast_key}"]
}
"2020368761" = {
providers = ["https://rpc.xlayer.tech/unlimited"]
Expand Down
2 changes: 2 additions & 0 deletions ops/modules/lambda-mq-subscriber/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ variable "container_family" {

variable "container_env_vars" {
description = "env vars for running container"
sensitive = true
}

variable "timeout" {
Expand All @@ -39,6 +40,7 @@ variable "environment" {}
variable "rmq_mgt_password" {
type = string
description = "RabbitMQ management password"
sensitive = true
}

variable "rmq_mgt_user" {
Expand Down
1 change: 1 addition & 0 deletions ops/modules/lambda/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ variable "stage" {

variable "container_env_vars" {
description = "env vars for running container"
sensitive = true
}

variable "schedule_expression" {
Expand Down
2 changes: 2 additions & 0 deletions ops/modules/service/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -92,8 +92,10 @@ variable "stage" {

variable "container_env_vars" {
description = "env vars for running container"
sensitive = true
}

variable "dd_api_key" {
description = "DataDog API Key"
sensitive = true
}

0 comments on commit a2b0e72

Please sign in to comment.