Secret Management

ska-oso-services requires secret values to connect to the ODA PostgreSQL instance.

The deployment is configured to set the ADMIN_POSTGRES_PASSWORD environment variable from the Kubernetes Secret that is the password to the PostgreSQL isntance that the ska-db-oda-umbrella chart deploys.

To use a different Secret, the .Values.rest.oda.postgres.password.secret value can be overwritten with the Kubernetes Secret resource name and the .Values.rest.oda.postgres.password.key with the key within that Secret.

PHT secrets

PHT uses the following secrets:

• AWS_SERVER_PUBLIC_KEY: SKAO AWS account’s public key

• AWS_SERVER_SECRET_KEY: SKAO AWS account’s secret ket key

• AWS_PHT_BUCKET_NAME: S3 bucket name to be used

• SMTP_PASSWORD. SKAO SMTP password to use.

These secrets are currently configured to be retrieved from HashiCorp Vault from under https://vault.skao.int/ui/vault/secrets/dev/kv/stargazers%2Foso-services/details?version=2 No provisions are made yet for higher environments (subject to the further discussions withing OSO and AVIV).

When developing locally, you can override them by changing ska-oso-serviceschartsska-oso-servicestemplatesall_secrets.yaml and then stringData.*. Make sure you uninstall the chart when doing so and do not commit these secrets.