Skip to main content

How to setup secrets & env vars

Secrets

We keep our secrets in single Google Secret Manager in the ch-platform project.

To isolate secrets between tenants we use the following convention for the secrets name in GSM:

  • tenant_name-api_name-secret_key
  • Eg: bobs_burger_house-checkout-SUPER_SECRET

If a secret is reusable between different services on the same tenant, instead of the api name, we use the word common

  • Eg: bobs_burger_house-common-REUSABLE_SUPER_SECRET

After adding or changing a secret, it is required to restart the consuming API, as it only loads the secrets once at the startup.

Env vars

Environment variables are set via config-map.yaml files in the Devops repo. See examples here

You can find the list of environment variables and secrets for each individual services in the service's documentation. If you need further help with the setup, please reach out to the consumer-health dev team.