raft-tech · andrew-jameson · Aug 5, 2021 · Jul 27, 2021 · Jul 27, 2021 · Jul 28, 2021
diff --git a/scripts/copy-login-gov-keypair.sh b/scripts/copy-login-gov-keypair.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+###
+# Copies Login.gov JWT_KEY + JWT_CERT from one Cloud.gov application to another.
+#
+SOURCE_APP=${1}
+DEST_APP=${2}
+
+set -e
+
+SOURCE_APP_GUID=$(cf app "$SOURCE_APP" --guid)
+SOURCE_APP_ENV=$(cf curl "/v2/apps/$SOURCE_APP_GUID/env")
+ENVIRONMENT_JSON=$(printf '%s\n' "$SOURCE_APP_ENV" | jq -r '.environment_json')
+
+JWT_KEY=$(echo "$ENVIRONMENT_JSON" | jq -r '.JWT_KEY')
+JWT_CERT=$(echo "$ENVIRONMENT_JSON" | jq -r '.JWT_CERT')
+
+echo "JWT_KEY: $JWT_KEY"
+echo "JWT_CERT: $JWT_CERT"
+
+if [ -n "$DEST_APP" ];then
+    echo "Copying JWT key and cert from $SOURCE_APP to $DEST_APP..."
+    cf set-env "$DEST_APP" JWT_KEY "$JWT_KEY"
+    cf set-env "$DEST_APP" JWT_CERT "$JWT_CERT"
+
+    echo "Restaging $DEST_APP..."
+    cf restage "$DEST_APP"
+fi
diff --git a/scripts/set-backend-env-vars.sh b/scripts/set-backend-env-vars.sh
@@ -20,6 +20,9 @@ else
   FRONTEND_BASE_URL="$DEFAULT_FRONTEND_ROUTE"
 fi
 
+# Dynamically generate a new DJANGO_SECRET_KEY
+DJANGO_SECRET_KEY=$(python -c "from secrets import token_urlsafe; print(token_urlsafe(50))")
+
 # Dynamically set DJANGO_CONFIGURATION based on Cloud.gov Space
 DJANGO_SETTINGS_MODULE="tdpservice.settings.cloudgov"
 if [ "$CG_SPACE" = "tanf-prod" ]; then

diff --git a/tdrs-backend/docker-compose.yml b/tdrs-backend/docker-compose.yml
@@ -42,7 +42,6 @@ services:
   web:
     restart: always
     environment:
-      - DJANGO_SECRET_KEY=local
       - DB_USER=tdpuser
       - DB_PASSWORD=something_secure
       - DB_NAME=tdrs_test

diff --git a/tdrs-backend/tdpservice/settings/common.py b/tdrs-backend/tdpservice/settings/common.py
@@ -4,6 +4,7 @@
 import os
 from distutils.util import strtobool
 from os.path import join
+from secrets import token_urlsafe
 
 from configurations import Configuration
 
@@ -105,7 +106,7 @@ class Common(Configuration):
 
     ALLOWED_HOSTS = ["*"]
     ROOT_URLCONF = "tdpservice.urls"
-    SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
+    SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", token_urlsafe(50))
     WSGI_APPLICATION = "tdpservice.wsgi.application"
     CORS_ORIGIN_ALLOW_ALL = True