Skip to content

Provision SSM parameters for One Login secrets#2103

Open
stephencdaly wants to merge 1 commit intomainfrom
add-parameters-for-one-login-secrets
Open

Provision SSM parameters for One Login secrets#2103
stephencdaly wants to merge 1 commit intomainfrom
add-parameters-for-one-login-secrets

Conversation

@stephencdaly
Copy link
Copy Markdown
Contributor

@stephencdaly stephencdaly commented Apr 30, 2026

What problem does this pull request solve?

Trello card: https://trello.com/c/tKtA1VPQ/

Add parameters for storing the One Login client ID and private key.

Don't use them in forms-runner yet as they need to be set to valid values first.

Things to consider when reviewing

  • Ensure that you consider the wider context.
  • Does it work when run on your machine?
  • Is it clear what the code is doing?
  • Do the commit messages explain why the changes were made?
  • Are there all the unit tests needed?
  • Has all relevant documentation been updated?

Reminders

If you've made changes to the deployer role (files in modules/deployer-access):

  • Remember to run make <environment> forms/account apply on the relevant environments (dev, staging, user-research, and/or prod)
  • Check the #govuk-forms-deployment-notifications Slack channel to ensure the apply-forms-terraform-<environment> pipelines have run successfully

Copilot AI review requested due to automatic review settings April 30, 2026 16:04
Copilot AI reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds new AWS SSM Parameter Store entries in the forms-runner Terraform module to hold GOV.UK One Login credentials (client ID + private key) per environment, without wiring them into the running service yet.

Changes:

  • Provision /forms-runner-${env}/... SecureString parameters for One Login client ID and private key
  • Use lifecycle.ignore_changes so values can be set/rotated out-of-band without Terraform overwriting them

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread infra/modules/forms-runner/parameters.tf Outdated
Comment thread infra/modules/forms-runner/parameters.tf Outdated
@stephencdaly
Provision SSM parameters for One Login secrets
8ef4b7b 
Add parameters for storing the One Login client ID and private key.

Don't use them in forms-runner yet as they need to be set to valid
values first.
@stephencdaly stephencdaly force-pushed the add-parameters-for-one-login-secrets branch from fa496d5 to 8ef4b7b Compare April 30, 2026 16:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stephencdaly