Page MenuHomePhabricator
Create Task
Maniphest T317976

Rotate Mailgun secret
Closed, ResolvedPublic
Actions

Description

A/C: mailgun secret should be rotated

This needs to be performed on production and staging. Tom would recommend you do them separately, staging first, this will also give an idea of if there is downtime associated with this action.

Probable steps:

  • Login to mailgun UI
  • Copy new token
  • Paste into your tfvars file
  • run make apply
    • This will create new secrets in k8s. However! it will not restart the workloads that are still running using the old secrets
  • gracefully restart relevant workloads (api/mw works) (https://linuxhint.com/kubectl-rollout-restart/)
  • check all is working

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedTarrowT316764 [tracking] Rotate all secrets
 ResolvedNoneT317976 Rotate Mailgun secret

Event Timeline

Tarrow created this task.Sep 16 2022, 12:42 PM
Tarrow moved this task from Sprint Backlog to Doing on the Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 5)) board.
Rosalie_WMDE removed Rosalie_WMDE as the assignee of this task.Sep 22 2022, 8:25 AM
Rosalie_WMDE subscribed.
Tarrow moved this task from Doing to Sprint Backlog on the Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 5)) board.Sep 22 2022, 8:36 AM
Deniz_WMDE claimed this task.Sep 23 2022, 12:41 PM
Deniz_WMDE moved this task from Sprint Backlog to Doing on the Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 5)) board.
Deniz_WMDE added a comment.Sep 23 2022, 2:03 PM

Rotated SMTP password for staging and production
https://github.com/wmde/wbaas-deploy/pull/539
https://github.com/wmde/wbaas-deploy/pull/540

We noticed that there is some remnant of unused mailgun API keys in our config, will clean it up

Deniz_WMDE added a comment.Sep 23 2022, 2:17 PM

PRs for cleanup:

new secret module: https://github.com/wmde/wbaas-deploy/pull/541
use it & cleanup for staging: https://github.com/wmde/wbaas-deploy/pull/542
use it & cleanup for production: https://github.com/wmde/wbaas-deploy/pull/543

Deniz_WMDE removed Deniz_WMDE as the assignee of this task.Sep 23 2022, 2:17 PM
Deniz_WMDE moved this task from Doing to In Review on the Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 5)) board.
Deniz_WMDE subscribed.
Deniz_WMDE added a comment.Sep 23 2022, 2:29 PM

I removed the Sending API keys for the domains wikibase.dev and wikibase.cloud via the Mailgun UI, as we are not using them anymore.

Rosalie_WMDE moved this task from Wikibase.cloud (WB Cloud Sprint 5) to Wikibase.cloud (WB Cloud Sprint 6) on the Wikibase Cloud board.Sep 28 2022, 12:19 PM
Rosalie_WMDE edited projects, added Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 6)); removed Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 5)).
Evelien_WMDE moved this task from Sprint Backlog to In Review on the Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 6)) board.Sep 28 2022, 12:19 PM
Tarrow added a comment.Oct 6 2022, 8:37 AM

loos like the module is waiting for being released before we go ahead an use it in staging and prod

Rosalie_WMDE moved this task from In Review to In Verification on the Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 6)) board.Oct 11 2022, 12:08 PM
Tarrow moved this task from In Verification to Waiting for Deploy to Staging on the Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 6)) board.Oct 17 2022, 10:26 AM
conny-kawohl_WMDE moved this task from Wikibase.cloud (WB Cloud Sprint 6) to Wikibase Cloud (WB Cloud Sprint 7) on the Wikibase Cloud board.Oct 18 2022, 1:12 PM
conny-kawohl_WMDE edited projects, added Wikibase Cloud (Wikibase Cloud (WB Cloud Sprint 7)); removed Wikibase Cloud (Wikibase.cloud (WB Cloud Sprint 6)).
conny-kawohl_WMDE moved this task from Sprint Backlog to In Review on the Wikibase Cloud (Wikibase Cloud (WB Cloud Sprint 7)) board.
Tarrow claimed this task.Oct 20 2022, 8:29 AM
Tarrow moved this task from In Review to Waiting for Deploy to Staging on the Wikibase Cloud (Wikibase Cloud (WB Cloud Sprint 7)) board.Oct 20 2022, 10:34 AM
Tarrow moved this task from Waiting for Deploy to Staging to Waiting for Deploy to Production on the Wikibase Cloud (Wikibase Cloud (WB Cloud Sprint 7)) board.Oct 20 2022, 10:54 AM
Tarrow moved this task from Waiting for Deploy to Production to In Verification on the Wikibase Cloud (Wikibase Cloud (WB Cloud Sprint 7)) board.Oct 20 2022, 11:51 AM
Tarrow removed Tarrow as the assignee of this task.Oct 24 2022, 9:51 AM
Tarrow moved this task from In Verification to Done on the Wikibase Cloud (Wikibase Cloud (WB Cloud Sprint 7)) board.
Rosalie_WMDE closed this task as Resolved.Oct 26 2022, 12:06 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL