Vault

ScholarSphere uses hashicorp's vault tool to store sensitive information, on app startup, the deployment picks up values from the vault, and injects them into the containers environment.

Related: Vault client setup ( https://sites.psu.edu/dltdocs/?p=5380 )

Getting environments secrets

vault kv get secret/app/scholarsphere/prod 

Getting a field from a secret. this is useful for pipe lining

vault kv get -field=DATACITE_ENDPOINT secret/app/scholarsphere/prod

vault kv get -field=DATACITE_ENDPOINT secret/app/scholarsphere/prod | pbcopy 

Adding a new secret

vault kv patch secret/app/scholarsphere/prod FOO=bar

after adding a secret, you'll need to rollout any deployments that need it

kubectl rollout restart deployment/scholarsphere
kubectl rollout restart deployment/scholarsphere-sidekiq