npm - @govuk-pay/cli - Versions diffs - 0.0.3 → 0.0.5 - Mend

@govuk-pay/cli 0.0.3 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

package/resources/legacy-ruby-cli/config/secrets.yml ADDED Viewed

@@ -0,0 +1,581 @@
+---
+# secrets here will be looked up from pay-dev-pass
+# pay-dev-pass[env][service][secretname] = pay-dev-pass path
+pay-dev-pass:
+  deploy:
+    cd-pay-deploy:
+      pact-broker-password:             pact/pact_broker_password
+      pact-broker-username:             pact/pact_broker_username
+      pact-broker/pact-broker-password: pact/pact_broker_password
+      pact-broker/pact-broker-username: pact/pact_broker_username
+    cd-pay-dev:
+      pact-broker-password:         pact/pact_broker_password
+      pact-broker-username:         pact/pact_broker_username
+      pr-ci/pact-broker-username:   pact/pact_broker_username
+      pr-ci/pact-broker-password:   pact/pact_broker_password
+    pact-broker-auth:
+      pact-broker-basic-auth-password: pact/pact_broker_password
+      pact-broker-basic-auth-username: pact/pact_broker_username
+  test-12:
+    connector:
+      SANDBOX_AUTH_TOKEN:                                  notifications/test/sandbox_auth_token
+  test-perf-1:
+    connector:
+      SANDBOX_AUTH_TOKEN:                                  notifications/test/sandbox_auth_token
+  staging-2:
+    connector:
+      SANDBOX_AUTH_TOKEN:                                  notifications/staging/sandbox_auth_token
+  production-2:
+    connector:
+      SANDBOX_AUTH_TOKEN:                                  notifications/production/sandbox_auth_token
+    frontend:
+      GOOGLE_PAY_MERCHANT_ID:                              google_pay/merchant_identifier
+      GOOGLE_PAY_MERCHANT_ID_2:                            google_pay/merchant_identifier_2
+# secrets here will be looked up from pay-low-pass
+# pay-low-pass[env][service][secretname] = pay-low-pass path
+pay-low-pass:
+  deploy:
+    alb_and_s3_logging_pipeline:
+      firehose_hec_token: splunk/firehose-hec-token
+    amazon-managed-prometheus:
+      pager_duty_cloudwatch_integration_url_in_hours_only:  pager-duty/govuk-pay-in-hours-only/amazon-cloudwatch-integration-url
+      pager_duty_cloudwatch_integration_url_24_7_p1:        pager-duty/govuk-pay/amazon-cloudwatch-integration-url
+    cd-pay-deploy:
+      docker-email:                              dockerhub/concourse-email
+      docker-username:                           dockerhub/concourse-username
+      docker-password:                           dockerhub/concourse-password
+      docker-access-token:                       dockerhub/concourse-access-token
+      end-to-end/docker-email:                   dockerhub/concourse-email
+      end-to-end/docker-password:                dockerhub/concourse-password
+      end-to-end/docker-username:                dockerhub/concourse-username
+      end-to-end/docker-access-token:            dockerhub/concourse-access-token
+      github-access-token:                       alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
+      slack-notification-secret:             slack/notification-secret
+    cd-pay-dev:
+      docker-email:                        dockerhub/concourse-email
+      docker-username:                     dockerhub/concourse-username
+      docker-password:                     dockerhub/concourse-password
+      docker-access-token:                 dockerhub/concourse-access-token
+      github-access-token:                 alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
+      pay-js-commons/github-access-token:  alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
+      pr-ci/github-access-token:           alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
+      slack-notification-secret:           slack/notification-secret
+      smartpay-expected-password:          pay-stubs/smartpay/expected-password
+      smartpay-expected-user:              pay-stubs/smartpay/expected-user
+      worldpay-expected-password:          pay-stubs/worldpay/expected-password
+      worldpay-expected-user:              pay-stubs/worldpay/expected-user
+    cd-main:
+      docker-email:                        dockerhub/concourse-email
+      docker-username:                     dockerhub/concourse-username
+      docker-password:                     dockerhub/concourse-password
+      docker-access-token:                 dockerhub/concourse-access-token
+      slack-notification-secret:           slack/notification-secret
+  deploy-7:
+    deploy:
+      PAGER_DUTY_CLOUDWATCH_INTEGRATION_URL:          pager-duty/govuk-pay/amazon-cloudwatch-integration-url
+      PAGER_DUTY_CLOUDWATCH_INTEGRATION_URL_STAGING:  pager-duty/govuk-pay-staging-smoke-tests/amazon-cloudwatch-integration-url
+  deploy-tooling:
+    pact-broker:
+      master_db_user:                               aws/rds/superuser/deploy-tooling/pact-broker/username
+      master_db_password:                           aws/rds/superuser/deploy-tooling/pact-broker/password # pragma: allowlist secret
+      db_user:                                      aws/rds/application_users/deploy/pact_broker_db_username
+      db_password:                                  aws/rds/application_users/deploy/pact_broker_db_password # pragma: allowlist secret
+    stubs:
+      smartpay-expected-password:          pay-stubs/smartpay/expected-password
+      smartpay-expected-user:              pay-stubs/smartpay/expected-user
+      worldpay-expected-password:          pay-stubs/worldpay/expected-password
+      worldpay-expected-user:              pay-stubs/worldpay/expected-user
+  test-12:
+    adminusers:
+      DB_PASSWORD:                                  aws/rds/application_users/test/adminusers1
+      NOTIFY_API_KEY:                               notify/api_key/ci/test.adminusers.notify_api_key
+      SENTRY_DSN:                                   sentry_io/adminusers_dsn
+    cardid:
+      SENTRY_DSN:                                   sentry_io/cardid_dsn
+    connector:
+      DB_PASSWORD:                                                       aws/rds/application_users/test/connector2
+      NOTIFY_API_KEY:                                                    notify/api_key/ci/test.connector.notify_api_key
+      GDS_CONNECTOR_STRIPE_AUTH_TOKEN:                                   stripe/test/test/account-api-key
+      GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN:                              stripe/test/test/account-api-key
+      GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET:                          stripe/test/test/webhook-secret
+      GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET:                     stripe/test/test/webhook-secret
+      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET: stripe/test/test/webhook-connect-events-secret
+      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET: stripe/test/test/webhook-connect-events-secret
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE:                 apple_pay/worldpay/test/payment-processing-certificate-20230906
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY:                 apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY:       apple_pay/worldpay/test/payment-processing-certificate-20230906
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY:       apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
+      SENTRY_DSN:                                                        sentry_io/connector_dsn
+    failwhale:
+      google-analytics-id: google-analytics/failwhale/test/google-analytics-id
+    frontend:
+      SESSION_ENCRYPTION_KEY:                         ""
+      SESSION_ENCRYPTION_KEY_2:                       ""
+      WORLDPAY_APPLE_PAY_MERCHANT_ID:                 apple_pay/worldpay/test/merchant-id
+      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE:     apple_pay/worldpay/test/merchant-id-certificate-20230905
+      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY: apple_pay/worldpay/test/merchant-id-certificate-key-20230905
+      STRIPE_APPLE_PAY_MERCHANT_ID:                   apple_pay/stripe/test/merchant-id
+      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE:       apple_pay/stripe/test/merchant-id-certificate-20230823
+      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY:   apple_pay/stripe/test/merchant-id-certificate-key-20230823
+      STRIPE_TEST_PUBLISHABLE_API_KEY:                stripe/test/test/publishable-api-key
+      STRIPE_LIVE_PUBLISHABLE_API_KEY:                stripe/test/test/publishable-api-key
+      SENTRY_DSN:                                     sentry/frontend_dsn
+      SENTRY_CSP_REPORT_URI:                          sentry/frontend_csp_report_uri
+    ledger:
+      DB_PASSWORD:                                  aws/rds/application_users/test/ledger
+      SENTRY_DSN:                                   sentry_io/ledger_dsn
+    webhooks:
+      DB_PASSWORD:                                  aws/rds/application_users/test/webhooks # pragma: allowlist secret
+      SENTRY_DSN:                                   sentry_io/webhooks_dsn
+    product-page:
+      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
+    publicapi:
+      TOKEN_API_HMAC_SECRET:                        ""
+      SENTRY_DSN:                                   sentry_io/publicapi_dsn
+    publicauth:
+      DB_USER:                                      ""
+      DB_PASSWORD:                                  ""
+      TOKEN_DB_BCRYPT_SALT:                         ""
+      TOKEN_API_HMAC_SECRET:                        ""
+      SENTRY_DSN:                                   sentry_io/publicauth_dsn
+    products:
+      DB_USER:                                      ""
+      DB_PASSWORD:                                  ""
+      SENTRY_DSN:                                   sentry_io/products_dsn
+    products-ui:
+      SESSION_ENCRYPTION_KEY:                       ""
+      SENTRY_DSN:                                   sentry_io/products_ui_dsn
+      GOOGLE_RECAPTCHA_SECRET_KEY:                  google/test/captcha-secret-key
+      GOOGLE_RECAPTCHA_SITE_KEY:                    google/test/captcha-site-key
+    selfservice:
+      SESSION_ENCRYPTION_KEY:                       ""
+      ZENDESK_API_KEY:                              zendesk/api_key
+      ZENDESK_USER:                                 zendesk/user
+      STRIPE_ACCOUNT_API_KEY:                       stripe/test/test/account-api-key
+      SENTRY_DSN:                                   sentry/selfservice_dsn
+    terraform:
+      ADMINUSERS_RDS_PASSWORD:                      aws/rds/superuser/test-12/adminusers/payment-password
+      CONNECTOR_RDS_PASSWORD:                       aws/rds/superuser/test-12/connector/payment-password
+      LEDGER_RDS_PASSWORD:                          aws/rds/superuser/test-12/ledger/payment-password
+      PRODUCTS_RDS_PASSWORD:                        aws/rds/superuser/test-12/products/payment-password
+      PUBLICAUTH_RDS_PASSWORD:                      aws/rds/superuser/test-12/publicauth/payment-password
+      ADMINUSERS_APP_RDS_PASSWORD:                  aws/rds/application_users/test/adminusers
+      CONNECTOR_APP_RDS_PASSWORD:                   aws/rds/application_users/test/connector2
+      LEDGER_APP_RDS_PASSWORD:                      aws/rds/application_users/test/ledger
+      WEBHOOKS_APP_RDS_PASSWORD:                    aws/rds/application_users/test/webhooks # pragma: allowlist secret
+      PRODUCTS_APP_RDS_PASSWORD:                    aws/rds/application_users/test/products
+      PUBLICAUTH_APP_RDS_PASSWORD:                  aws/rds/application_users/test/publicauth
+    toolbox:
+      AUTH_GITHUB_CLIENT_ID:                        pay-toolbox/test/github_client_id
+      AUTH_GITHUB_CLIENT_SECRET:                    pay-toolbox/test/github_client_secret
+      STRIPE_ACCOUNT_API_KEY:                       stripe/test/test/account-api-key
+      STRIPE_ACCOUNT_TEST_API_KEY:                  stripe/test/test/account-api-key
+      SENTRY_DSN:                                   sentry/toolbox_dsn
+      ZENDESK_USER:                                 zendesk/user
+      ZENDESK_API_KEY:                              zendesk/api_key
+  test-perf-1:
+    adminusers:
+      DB_PASSWORD:                                  aws/rds/application_users/test/adminusers
+      NOTIFY_API_KEY:                               notify/api_key/ci/test.adminusers.notify_api_key
+      SENTRY_DSN:                                   sentry_io/adminusers_dsn
+    cardid:
+      SENTRY_DSN:                                   sentry_io/cardid_dsn
+    connector:
+      DB_PASSWORD:                                                       aws/rds/superuser/test-12/connector/payment-password
+      NOTIFY_API_KEY:                                                    notify/api_key/ci/test.connector.notify_api_key
+      GDS_CONNECTOR_STRIPE_AUTH_TOKEN:                                   stripe/test/test/account-api-key
+      GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN:                              stripe/test/test/account-api-key
+      GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET:                          stripe/test/test/webhook-secret
+      GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET:                     stripe/test/test/webhook-secret
+      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET: stripe/test/test/webhook-connect-events-secret
+      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET: stripe/test/test/webhook-connect-events-secret
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE:                 apple_pay/worldpay/test/payment-processing-certificate-20230906
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY:                 apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY:       apple_pay/worldpay/test/payment-processing-certificate-20230906
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY:       apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
+      SENTRY_DSN:                                                        sentry_io/connector_dsn
+    frontend:
+      SESSION_ENCRYPTION_KEY:                         ""
+      SESSION_ENCRYPTION_KEY_2:                       ""
+      WORLDPAY_APPLE_PAY_MERCHANT_ID:                 apple_pay/worldpay/test/merchant-id
+      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE:     apple_pay/worldpay/test/merchant-id-certificate-20230905
+      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY: apple_pay/worldpay/test/merchant-id-certificate-key-20230905
+      STRIPE_APPLE_PAY_MERCHANT_ID:                   apple_pay/stripe/test/merchant-id
+      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE:       apple_pay/stripe/test/merchant-id-certificate-20230823
+      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY:   apple_pay/stripe/test/merchant-id-certificate-key-20230823
+      STRIPE_TEST_PUBLISHABLE_API_KEY:                stripe/test/test/publishable-api-key
+      STRIPE_LIVE_PUBLISHABLE_API_KEY:                stripe/test/test/publishable-api-key
+      SENTRY_DSN:                                     sentry/frontend_dsn
+      SENTRY_CSP_REPORT_URI:                          sentry/frontend_csp_report_uri
+    ledger:
+      DB_PASSWORD:                                  aws/rds/application_users/test/ledger
+      SENTRY_DSN:                                   sentry_io/ledger_dsn
+    publicapi:
+      TOKEN_API_HMAC_SECRET:                        ""
+      SENTRY_DSN:                                   sentry_io/publicapi_dsn
+    publicauth:
+      DB_USER:                                      ""
+      DB_PASSWORD:                                  ""
+      TOKEN_DB_BCRYPT_SALT:                         ""
+      TOKEN_API_HMAC_SECRET:                        ""
+      SENTRY_DSN:                                   sentry_io/publicauth_dsn
+    products:
+      DB_USER:                                      ""
+      DB_PASSWORD:                                  ""
+      SENTRY_DSN:                                   sentry_io/products_dsn
+    products-ui:
+      SESSION_ENCRYPTION_KEY:                       ""
+      SENTRY_DSN:                                   sentry_io/products_ui_dsn
+      GOOGLE_RECAPTCHA_SECRET_KEY:                  google/test/captcha-secret-key
+      GOOGLE_RECAPTCHA_SITE_KEY:                    google/test/captcha-site-key
+    selfservice:
+      SESSION_ENCRYPTION_KEY:                       ""
+      ZENDESK_API_KEY:                              zendesk/api_key
+      ZENDESK_USER:                                 zendesk/user
+      STRIPE_ACCOUNT_API_KEY:                       stripe/test/test/account-api-key
+      SENTRY_DSN:                                   sentry/selfservice_dsn
+    terraform:
+      ADMINUSERS_RDS_PASSWORD:                      aws/rds/superuser/test-12/adminusers/payment-password
+      CONNECTOR_RDS_PASSWORD:                       aws/rds/superuser/test-12/connector/payment-password
+      LEDGER_RDS_PASSWORD:                          aws/rds/superuser/test-12/ledger/payment-password
+      PRODUCTS_RDS_PASSWORD:                        aws/rds/superuser/test-12/products/payment-password
+      PUBLICAUTH_RDS_PASSWORD:                      aws/rds/superuser/test-12/publicauth/payment-password
+      ADMINUSERS_APP_RDS_PASSWORD:                  aws/rds/application_users/test/adminusers
+      CONNECTOR_APP_RDS_PASSWORD:                   aws/rds/application_users/test/connector2
+      LEDGER_APP_RDS_PASSWORD:                      aws/rds/application_users/test/ledger
+      PRODUCTS_APP_RDS_PASSWORD:                    aws/rds/application_users/test/products
+      PUBLICAUTH_APP_RDS_PASSWORD:                  aws/rds/application_users/test/publicauth
+    toolbox:
+      AUTH_GITHUB_CLIENT_ID:                        pay-toolbox/test/github_client_id
+      AUTH_GITHUB_CLIENT_SECRET:                    pay-toolbox/test/github_client_secret
+      STRIPE_ACCOUNT_API_KEY:                       stripe/test/test/account-api-key
+      STRIPE_ACCOUNT_TEST_API_KEY:                  stripe/test/test/account-api-key
+      SENTRY_DSN:                                   sentry/toolbox_dsn
+      ZENDESK_API_KEY:                              zendesk/api_key
+      ZENDESK_USER:                                 zendesk/user
+    webhooks:
+      DB_PASSWORD:                                  aws/rds/application_users/test/webhooks # pragma: allowlist secret
+      SENTRY_DSN:                                   sentry_io/webhooks_dsn
+  test:
+    alb_and_s3_logging_pipeline:
+      firehose_hec_token: splunk/firehose-hec-token
+    codebuild:
+      docker-username: dockerhub/concourse-username
+      docker-access-token: dockerhub/concourse-access-token
+      github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
+  dev:
+    alb_and_s3_logging_pipeline:
+      firehose_hec_token: splunk/firehose-hec-token
+    codebuild:
+      docker-username: dockerhub/concourse-username
+      docker-access-token: dockerhub/concourse-access-token
+      github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
+  ci:
+    alb_and_s3_logging_pipeline:
+      firehose_hec_token: splunk/firehose-hec-token
+  staging-2:
+    adminusers:
+      DB_PASSWORD:                                  aws/rds/application_users/staging/adminusers1
+      NOTIFY_API_KEY:                               notify/api_key/deploy/staging.adminusers.notify_api_key
+      SENTRY_DSN:                                   sentry_io/adminusers_dsn
+    cardid:
+      SENTRY_DSN:                                   sentry_io/cardid_dsn
+    connector:
+      DB_PASSWORD:                                                       aws/rds/application_users/staging/connector1
+      NOTIFY_API_KEY:                                                    notify/api_key/deploy/staging.connector.notify_api_key
+      GDS_CONNECTOR_STRIPE_AUTH_TOKEN:                                   stripe/staging/test/account-api-key
+      GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN:                              stripe/staging/test/account-api-key
+      GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET:                          stripe/staging/test/webhook-secret
+      GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET:                     stripe/staging/test/webhook-secret
+      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET: stripe/staging/test/webhook-connect-events-secret
+      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET: stripe/staging/test/webhook-connect-events-secret
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE:                 apple_pay/worldpay/test/payment-processing-certificate-20230906
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY:                 apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY:       apple_pay/worldpay/test/payment-processing-certificate-20230906
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY:       apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
+      SENTRY_DSN:                                                        sentry_io/connector_dsn
+    failwhale:
+      google-analytics-id: google-analytics/failwhale/staging/google-analytics-id
+    frontend:
+      WORLDPAY_APPLE_PAY_MERCHANT_ID:                 apple_pay/worldpay/test/merchant-id
+      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE:     apple_pay/worldpay/test/merchant-id-certificate-20230905
+      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY: apple_pay/worldpay/test/merchant-id-certificate-key-20230905
+      STRIPE_APPLE_PAY_MERCHANT_ID:                   apple_pay/stripe/staging/merchant-id
+      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE:       apple_pay/stripe/staging/merchant-id-certificate-20230823
+      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY:   apple_pay/stripe/staging/merchant-id-certificate-key-20230823
+      STRIPE_TEST_PUBLISHABLE_API_KEY:                stripe/staging/test/publishable-api-key
+      STRIPE_LIVE_PUBLISHABLE_API_KEY:                stripe/staging/test/publishable-api-key
+      SENTRY_DSN:                                     sentry/frontend_dsn
+      SENTRY_CSP_REPORT_URI:                          sentry/frontend_csp_report_uri
+    ledger:
+      DB_PASSWORD:                                  aws/rds/application_users/staging/ledger
+      SENTRY_DSN:                                   sentry_io/ledger_dsn
+    products:
+      SENTRY_DSN:                                   sentry_io/products_dsn
+    products-ui:
+      SENTRY_DSN:                                   sentry_io/products_ui_dsn
+      GOOGLE_RECAPTCHA_SECRET_KEY:                  google/test/captcha-secret-key
+      GOOGLE_RECAPTCHA_SITE_KEY:                    google/test/captcha-site-key
+    publicapi:
+      SENTRY_DSN:                                   sentry_io/publicapi_dsn
+      TOKEN_API_HMAC_SECRET:                        ""
+    publicauth:
+      SENTRY_DSN:                                   sentry_io/publicauth_dsn
+    product-page:
+      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
+    terraform:
+      ADMINUSERS_RDS_PASSWORD:                      aws/rds/superuser/staging-2/adminusers/payment-password
+      CONNECTOR_RDS_PASSWORD:                       aws/rds/superuser/staging-2/connector/payment-password
+      LEDGER_RDS_PASSWORD:                          aws/rds/superuser/staging-2/ledger/payment-password
+      PRODUCTS_RDS_PASSWORD:                        aws/rds/superuser/staging-2/products/payment-password
+      PUBLICAUTH_RDS_PASSWORD:                      aws/rds/superuser/staging-2/publicauth/payment-password
+      WEBHOOKS_RDS_PASSWORD:                        aws/rds/superuser/staging-2/webhooks/payment-password # pragma: allowlist secret
+      ADMINUSERS_APP_RDS_PASSWORD:                  aws/rds/application_users/staging/adminusers
+      CONNECTOR_APP_RDS_PASSWORD:                   aws/rds/application_users/staging/connector1
+      LEDGER_APP_RDS_PASSWORD:                      aws/rds/application_users/staging/ledger
+      PRODUCTS_APP_RDS_PASSWORD:                    aws/rds/application_users/staging/products
+      PUBLICAUTH_APP_RDS_PASSWORD:                  aws/rds/application_users/staging/publicauth
+      WEBHOOKS_APP_RDS_PASSWORD:                    aws/rds/application_users/staging/webhooks # pragma: allowlist secret
+    selfservice:
+      ZENDESK_API_KEY:                              zendesk/api_key
+      ZENDESK_USER:                                 zendesk/user
+      STRIPE_ACCOUNT_API_KEY:                       stripe/staging/test/account-api-key
+      SENTRY_DSN:                                   sentry/selfservice_dsn
+    toolbox:
+      AUTH_GITHUB_CLIENT_ID:                        pay-toolbox/staging/github_client_id
+      AUTH_GITHUB_CLIENT_SECRET:                    pay-toolbox/staging/github_client_secret
+      STRIPE_ACCOUNT_API_KEY:                       stripe/staging/test/account-api-key
+      STRIPE_ACCOUNT_TEST_API_KEY:                  stripe/staging/test/account-api-key
+      SENTRY_DSN:                                   sentry/toolbox_dsn
+      ZENDESK_API_KEY:                              zendesk/api_key
+      ZENDESK_USER:                                 zendesk/user
+    webhooks:
+      DB_PASSWORD:                                  aws/rds/application_users/staging/webhooks # pragma: allowlist secret
+      SENTRY_DSN:                                   sentry_io/webhooks_dsn
+    webhooks_intrusion_monitoring:
+      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay-staging-webhooks/amazon-cloudwatch-integration-url
+  staging:
+    alb_and_s3_logging_pipeline:
+      firehose_hec_token: splunk/firehose-hec-token
+  production-2:
+    adminusers:
+      DB_PASSWORD:                                  aws/rds/application_users/production/adminusers1
+      NOTIFY_API_KEY:                               notify/api_key/deploy/production.adminusers.notify_api_key
+      SENTRY_DSN:                                   sentry_io/adminusers_dsn
+    cardid:
+      SENTRY_DSN:                                   sentry_io/cardid_dsn
+    connector:
+      DB_PASSWORD:                                                       aws/rds/application_users/production/connector2
+      NOTIFY_API_KEY:                                                    notify/api_key/deploy/production.connector.notify_api_key
+      GDS_CONNECTOR_STRIPE_AUTH_TOKEN:                                   stripe/production/test/account-api-key
+      GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN:                              stripe/production/live/account-api-key
+      GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET:                          stripe/production/test/webhook-secret
+      GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET:                     stripe/production/live/webhook-secret
+      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET: stripe/production/live/webhook-connect-events-secret
+      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET: stripe/production/test/webhook-connect-events-secret
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE:                 apple_pay/worldpay/production/payment-processing-certificate-20230906
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY:                 apple_pay/worldpay/production/payment-processing-private-key-20230906 # pragma: allowlist secret
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY:       apple_pay/worldpay/production/payment-processing-certificate-20230906
+      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY:       apple_pay/worldpay/production/payment-processing-private-key-20230906 # pragma: allowlist secret
+      SENTRY_DSN:                                                        sentry_io/connector_dsn
+    failwhale:
+      google-analytics-id: google-analytics/failwhale/production/google-analytics-id
+    frontend:
+      WORLDPAY_APPLE_PAY_MERCHANT_ID:                 apple_pay/worldpay/production/merchant-id
+      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE:     apple_pay/worldpay/production/merchant-id-certificate-20230906
+      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY: apple_pay/worldpay/production/merchant-id-certificate-key-20230906
+      STRIPE_APPLE_PAY_MERCHANT_ID:                   apple_pay/stripe/production/merchant-id
+      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE:       apple_pay/stripe/production/merchant-id-certificate-20230823
+      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY:   apple_pay/stripe/production/merchant-id-certificate-key-20230823
+      STRIPE_TEST_PUBLISHABLE_API_KEY:                stripe/production/test/publishable-api-key
+      STRIPE_LIVE_PUBLISHABLE_API_KEY:                stripe/production/live/publishable-api-key
+      SENTRY_DSN:                                     sentry/frontend_dsn
+      SENTRY_CSP_REPORT_URI:                          sentry/frontend_csp_report_uri
+    ledger:
+      DB_PASSWORD:                                  aws/rds/application_users/production/ledger
+      SENTRY_DSN:                                   sentry_io/ledger_dsn
+    network:
+      PAGER_DUTY_CLOUDWATCH_ALB_INTEGRATION_URL:    pager-duty/govuk-pay-cloudwatch-alb/amazon-cloudwatch-integration-url
+    product-page:
+      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
+    products:
+      SENTRY_DSN:                                   sentry_io/products_dsn
+    products-ui:
+      SENTRY_DSN:                                   sentry_io/products_ui_dsn
+      GOOGLE_RECAPTCHA_SECRET_KEY:                  google/production/captcha-secret-key
+      GOOGLE_RECAPTCHA_SITE_KEY:                    google/production/captcha-site-key
+      GOOGLE_RECAPTCHA_ENTERPRISE_PROJECT_ID:       google/production/captcha-enterprise-project-id
+    publicapi:
+      SENTRY_DSN:                                   sentry_io/publicapi_dsn
+    publicauth:
+      SENTRY_DSN:                                   sentry_io/publicauth_dsn
+    terraform:
+      ADMINUSERS_RDS_PASSWORD:                      aws/rds/superuser/production-2/adminusers/payment-password
+      CONNECTOR_RDS_PASSWORD:                       aws/rds/superuser/production-2/connector/payment-password
+      LEDGER_RDS_PASSWORD:                          aws/rds/superuser/production-2/ledger/payment-password
+      PRODUCTS_RDS_PASSWORD:                        aws/rds/superuser/production-2/products/payment-password
+      PUBLICAUTH_RDS_PASSWORD:                      aws/rds/superuser/production-2/publicauth/payment-password
+      WEBHOOKS_RDS_PASSWORD:                        aws/rds/superuser/production-2/webhooks/payment-password # pragma: allowlist secret
+      ADMINUSERS_APP_RDS_PASSWORD:                  aws/rds/application_users/production/adminusers
+      CONNECTOR_APP_RDS_PASSWORD:                   aws/rds/application_users/production/connector2
+      LEDGER_APP_RDS_PASSWORD:                      aws/rds/application_users/production/ledger
+      PRODUCTS_APP_RDS_PASSWORD:                    aws/rds/application_users/production/products
+      PUBLICAUTH_APP_RDS_PASSWORD:                  aws/rds/application_users/production/publicauth
+      WEBHOOKS_APP_RDS_PASSWORD:                    aws/rds/application_users/production/webhooks # pragma: allowlist secret
+    selfservice:
+      ZENDESK_API_KEY:                              zendesk/api_key
+      ZENDESK_USER:                                 zendesk/user
+      STRIPE_ACCOUNT_API_KEY:                       stripe/production/live/account-api-key
+      SENTRY_DSN:                                   sentry/selfservice_dsn
+    toolbox:
+      AUTH_GITHUB_CLIENT_ID:                        pay-toolbox/production/github_client_id
+      AUTH_GITHUB_CLIENT_SECRET:                    pay-toolbox/production/github_client_secret
+      STRIPE_ACCOUNT_API_KEY:                       stripe/production/live/account-api-key
+      STRIPE_ACCOUNT_TEST_API_KEY:                  stripe/production/test/account-api-key
+      SENTRY_DSN:                                   sentry/toolbox_dsn
+      ZENDESK_API_KEY:                              zendesk/api_key
+      ZENDESK_USER:                                 zendesk/user
+    webhooks:
+      DB_PASSWORD:                                  aws/rds/application_users/production/webhooks # pragma: allowlist secret
+      SENTRY_DSN:                                   sentry_io/webhooks_dsn
+    webhooks_intrusion_monitoring:
+      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay/amazon-cloudwatch-integration-url
+  production:
+    alb_and_s3_logging_pipeline:
+      firehose_hec_token: splunk/firehose-hec-token
+# secrets here are just regular values
+# value[env][service][key] = value
+value:
+  ci-5:
+    terraform:
+      CHEF_ROLE: "build"
+      PERF_ENV: "false"
+  deploy:
+    cd-pay-deploy:
+      pay_aws_deploy_account_id:        "424875624006"
+      pay_aws_prod_account_id:          "092359438320"
+      pay_aws_staging_account_id:       "888564216586"
+      pay_aws_test_account_id:          "223851549868"
+      pay-team-manual/github-username:  "alphagov-pay-ci-concourse"
+    cd-pay-dev:
+      pay_aws_deploy_account_id:  "424875624006"
+      pay_aws_staging_account_id: "888564216586"
+      pay_aws_test_account_id:    "223851549868"
+      pay_aws_dev_account_id:     "673337093959"  # pragma: allowlist secret
+      pay_aws_ci_account_id:      "687320788729"  # pragma: allowlist secret
+  dev-fg-1:
+    terraform:
+      PERF_ENV: "false"
+      # These are not used in dev-fg-1 but are required by terraform make so lets make them bogus values
+      # which will fail if we try to create with them. See
+      # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints for
+      # dissallowed characters which we use here to ensure they are never usable passwords
+      ADMINUSERS_RDS_PASSWORD: "/"    # pragma: allowlist secret
+      CONNECTOR_RDS_PASSWORD: "/"     # pragma: allowlist secret
+      LEDGER_RDS_PASSWORD: "/"        # pragma: allowlist secret
+      PRODUCTS_RDS_PASSWORD: "/"      # pragma: allowlist secret
+      PUBLICAUTH_RDS_PASSWORD: "/"    # pragma: allowlist secret
+  test-12:
+    adminusers:
+      DB_USER: "adminusers1"
+      NOTIFY_SECRET: ""
+    connector:
+      DB_USER: "connector2"
+      NOTIFY_SECRET: ""
+    frontend:
+      AB_TEST_THRESHOLD:      "50"
+      GOOGLE_PAY_MERCHANT_ID: "value-not-set"
+      GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
+    ledger:
+      DB_USER: "ledger"
+    webhooks:
+      DB_USER: "webhooks"
+    publicauth:
+      DB_USER: "publicauth1"
+    products:
+      DB_USER: "products"
+    toolbox:
+      AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "3304536"
+      AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304536"
+      AUTH_GITHUB_ADMIN_TEAM_ID: "3304536"
+    terraform:
+      PERF_ENV: "false"
+  test-perf-1:
+    adminusers:
+      DB_USER: "adminusers"
+      NOTIFY_SECRET: ""
+    connector:
+      DB_USER: "connector"
+      NOTIFY_SECRET: ""
+    frontend:
+      AB_TEST_THRESHOLD:      "50"
+      GOOGLE_PAY_MERCHANT_ID: "value-not-set"
+      GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
+    ledger:
+      DB_USER: "ledger"
+    publicauth:
+      DB_USER: "publicauth"
+    products:
+      DB_USER: "products"
+    terraform:
+      PERF_ENV: "true"
+    toolbox:
+      AUTH_GITHUB_CLIENT_ID:
+      AUTH_GITHUB_CLIENT_SECRET:
+      AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "3304536"
+      AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304536"
+      AUTH_GITHUB_ADMIN_TEAM_ID: "3304536"
+    webhooks:
+      DB_USER: "webhooks"
+  staging-2:
+    adminusers:
+      DB_USER: "adminusers1"
+      NOTIFY_SECRET: ""
+    connector:
+      DB_USER: "connector1"
+      NOTIFY_SECRET: ""
+    frontend:
+      AB_TEST_THRESHOLD:      "50"
+      GOOGLE_PAY_MERCHANT_ID: "value-not-set"
+      GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
+    ledger:
+      DB_USER: "ledger"
+    publicauth:
+      DB_USER: "publicauth1"
+    products:
+      DB_USER: "products"
+    toolbox:
+      AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "3304500"
+      AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304500"
+      AUTH_GITHUB_ADMIN_TEAM_ID: "3304500"
+    terraform:
+      PERF_ENV: "false"
+    webhooks:
+      DB_USER: "webhooks"
+  production-2:
+    adminusers:
+      DB_USER: "adminusers1"
+      NOTIFY_SECRET: ""
+    connector:
+      DB_USER: "connector2"
+      NOTIFY_SECRET: ""
+    frontend:
+      AB_TEST_THRESHOLD:     "50"
+    ledger:
+      DB_USER: "ledger"
+    publicauth:
+      DB_USER: "publicauth1"
+    products:
+      DB_USER: "products"
+    performance-slack:
+      SLACK_URI: "https://hooks.slack.com/services/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"
+    toolbox:
+      AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "7196958"
+      AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304532"
+      AUTH_GITHUB_ADMIN_TEAM_ID: "3320243"
+    terraform:
+      PERF_ENV: "false"
+    webhooks:
+      DB_USER: "webhooks"