@govuk-pay/cli 0.0.55 → 0.0.57

package/resources/legacy-ruby-cli/config/secrets.yml

@@ -1,682 +0,0 @@
----
-# secrets here will be looked up from pay-low-pass
-# pay-low-pass[env][service][secretname] = pay-low-pass path
-pay-low-pass:
-  deploy:
-    worldpay_secure_file_gateway:
-      private-key: worldpay/secure_file_gateway/worldpay_secure_file_gateway.rsa
-      public-key: worldpay/secure_file_gateway/worldpay_secure_file_gateway.rsa.pub
-      passphrase: worldpay/secure_file_gateway/passphrase
-    alb_and_s3_logging_pipeline:
-      firehose_hec_token: splunk/firehose-hec-token
-    amazon-managed-prometheus:
-      pager_duty_cloudwatch_integration_url_in_hours_only:  pager-duty/govuk-pay-in-hours-only/amazon-cloudwatch-integration-url
-      pager_duty_cloudwatch_integration_url_24_7_p1:        pager-duty/govuk-pay/amazon-cloudwatch-integration-url
-    cd-pay-deploy:
-      docker-email:                              dockerhub/concourse-email
-      docker-username:                           dockerhub/concourse-username
-      docker-password:                           dockerhub/concourse-password
-      docker-access-token:                       dockerhub/concourse-access-token
-      end-to-end/docker-email:                   dockerhub/concourse-email
-      end-to-end/docker-password:                dockerhub/concourse-password
-      end-to-end/docker-username:                dockerhub/concourse-username
-      end-to-end/docker-access-token:            dockerhub/concourse-access-token
-      github-access-token:                       alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
-      grafana-annotations-password:        concourse/grafana_annotations
-      pact-broker-password:                      pact/pact_broker_password
-      pact-broker-username:                      pact/pact_broker_username
-      pact-broker/pact-broker-password:          pact/pact_broker_password
-      pact-broker/pact-broker-username:          pact/pact_broker_username
-      slack-notification-secret:             slack/notification-secret
-      internal-vulnerability-scan/jira-api-username: jira/concourse-ci/username
-      internal-vulnerability-scan/jira-api-token: jira/concourse-ci/internal-vulnerability-scan/api-token
-    cd-pay-dev:
-      docker-email:                        dockerhub/concourse-email
-      docker-username:                     dockerhub/concourse-username
-      docker-password:                     dockerhub/concourse-password
-      docker-access-token:                 dockerhub/concourse-access-token
-      github-access-token:                 alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
-      grafana-annotations-password:        concourse/grafana_annotations
-      pact-broker-password:                pact/pact_broker_password
-      pact-broker-username:                pact/pact_broker_username
-      pay-js-commons/github-access-token:  alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
-      pr-ci/github-access-token:           alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
-      slack-notification-secret:           slack/notification-secret
-      smartpay-expected-password:          pay-stubs/smartpay/expected-password
-      smartpay-expected-user:              pay-stubs/smartpay/expected-user
-      worldpay-expected-password:          pay-stubs/worldpay/expected-password
-      worldpay-expected-user:              pay-stubs/worldpay/expected-user
-    cd-main:
-      docker-email:                        dockerhub/concourse-email
-      docker-username:                     dockerhub/concourse-username
-      docker-password:                     dockerhub/concourse-password
-      docker-access-token:                 dockerhub/concourse-access-token
-      slack-notification-secret:           slack/notification-secret
-    pact-broker-auth:
-      pact-broker-basic-auth-password: pact/pact_broker_password
-      pact-broker-basic-auth-username: pact/pact_broker_username
-  deploy-7:
-    deploy:
-      PAGER_DUTY_CLOUDWATCH_INTEGRATION_URL:          pager-duty/govuk-pay/amazon-cloudwatch-integration-url
-      PAGER_DUTY_CLOUDWATCH_INTEGRATION_URL_STAGING:  pager-duty/govuk-pay-staging-smoke-tests/amazon-cloudwatch-integration-url
-  deploy-tooling:
-    pact-broker:
-      master_db_user:                               aws/rds/superuser/deploy-tooling/pact-broker/username
-      master_db_password:                           aws/rds/superuser/deploy-tooling/pact-broker/password # pragma: allowlist secret
-      DB_PASSWORD:                                  aws/rds/application_users/deploy/pact_broker # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/deploy/pact_broker_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/deploy/pact_broker_support_readwrite # pragma: allowlist secret
-    stubs:
-      smartpay-expected-password:          pay-stubs/smartpay/expected-password
-      smartpay-expected-user:              pay-stubs/smartpay/expected-user
-      worldpay-expected-password:          pay-stubs/worldpay/expected-password
-      worldpay-expected-user:              pay-stubs/worldpay/expected-user
-  test-12:
-    adminusers:
-      DB_PASSWORD:                                  aws/rds/application_users/test/adminusers1
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test/adminusers_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test/adminusers_support_readwrite # pragma: allowlist secret
-      NOTIFY_API_KEY:                               notify/api_key/ci/test.adminusers.notify_api_key
-      SENTRY_DSN:                                   sentry_io/adminusers_dsn
-    cardid:
-      SENTRY_DSN:                                   sentry_io/cardid_dsn
-    connector:
-      DB_PASSWORD:                                                       aws/rds/application_users/test/connector2
-      DB_SUPPORT_PASSWORD_READONLY:                                      aws/rds/support_readonly_users/test/connector_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                                     aws/rds/support_readwrite_users/test/connector_support_readwrite # pragma: allowlist secret
-      NOTIFY_API_KEY:                                                    notify/api_key/ci/test.connector.notify_api_key
-      GDS_CONNECTOR_STRIPE_AUTH_TOKEN:                                   stripe/test/test/account-api-key
-      GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN:                              stripe/test/test/account-api-key
-      GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET:                          stripe/test/test/webhook-secret
-      GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET:                     stripe/test/test/webhook-secret
-      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET: stripe/test/test/webhook-connect-events-secret
-      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET: stripe/test/test/webhook-connect-events-secret
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE:                 apple_pay/worldpay/test/payment-processing-certificate-20230906
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY:                 apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY:       apple_pay/worldpay/test/payment-processing-certificate-20230906
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY:       apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
-      SENTRY_DSN:                                                        sentry_io/connector_dsn
-      SANDBOX_AUTH_TOKEN:                                                smoke-test-api-token/notifications/test_sandbox_auth_token
-    frontend:
-      SESSION_ENCRYPTION_KEY:                         ""
-      SESSION_ENCRYPTION_KEY_2:                       ""
-      WORLDPAY_APPLE_PAY_MERCHANT_ID:                 apple_pay/worldpay/test/merchant-id
-      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE:     apple_pay/worldpay/test/merchant-id-certificate-20240730
-      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY: apple_pay/worldpay/test/merchant-id-certificate-key-20240730
-      STRIPE_APPLE_PAY_MERCHANT_ID:                   apple_pay/stripe/test/merchant-id
-      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE:       apple_pay/stripe/test/merchant-id-certificate-20240730
-      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY:   apple_pay/stripe/test/merchant-id-certificate-key-20240730
-      STRIPE_TEST_PUBLISHABLE_API_KEY:                stripe/test/test/publishable-api-key
-      STRIPE_LIVE_PUBLISHABLE_API_KEY:                stripe/test/test/publishable-api-key
-      SENTRY_DSN:                                     sentry/frontend_dsn
-      SENTRY_CSP_REPORT_URI:                          sentry/frontend_csp_report_uri
-    ledger:
-      DB_PASSWORD:                                  aws/rds/application_users/test/ledger
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test/ledger_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test/ledger_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/ledger_dsn
-    webhooks:
-      DB_PASSWORD:                                  aws/rds/application_users/test/webhooks # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test/webhooks_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test/webhooks_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/webhooks_dsn
-    product-page:
-      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
-    publicapi:
-      # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-      # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-      # TOKEN_API_HMAC_SECRET:                        ""
-      SENTRY_DSN:                                   sentry_io/publicapi_dsn
-    publicauth:
-      DB_USER:                                      ""
-      DB_PASSWORD:                                  ""
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test/publicauth_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test/publicauth_support_readwrite # pragma: allowlist secret
-      # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-      # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-      # TOKEN_DB_BCRYPT_SALT:                         ""
-      # TOKEN_API_HMAC_SECRET:                        ""
-      SENTRY_DSN:                                   sentry_io/publicauth_dsn
-    products:
-      DB_USER:                                      ""
-      DB_PASSWORD:                                  ""
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test/products_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test/products_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/products_dsn
-    products-ui:
-      SESSION_ENCRYPTION_KEY:                       ""
-      SENTRY_DSN:                                   sentry_io/products_ui_dsn
-      GOOGLE_RECAPTCHA_SECRET_KEY:                  google/test/captcha-secret-key
-      GOOGLE_RECAPTCHA_SITE_KEY:                    google/test/captcha-site-key
-    selfservice:
-      SESSION_ENCRYPTION_KEY:                       ""
-      ZENDESK_API_KEY:                              zendesk/api_key
-      ZENDESK_USER:                                 zendesk/user
-      STRIPE_ACCOUNT_API_KEY:                       stripe/test/test/account-api-key
-      SENTRY_DSN:                                   sentry/selfservice_dsn
-    terraform:
-      ADMINUSERS_RDS_PASSWORD:                      aws/rds/superuser/test-12/adminusers/payment-password
-      CONNECTOR_RDS_PASSWORD:                       aws/rds/superuser/test-12/connector/payment-password
-      LEDGER_RDS_PASSWORD:                          aws/rds/superuser/test-12/ledger/payment-password
-      PRODUCTS_RDS_PASSWORD:                        aws/rds/superuser/test-12/products/payment-password
-      PUBLICAUTH_RDS_PASSWORD:                      aws/rds/superuser/test-12/publicauth/payment-password
-      ADMINUSERS_APP_RDS_PASSWORD:                  aws/rds/application_users/test/adminusers
-      CONNECTOR_APP_RDS_PASSWORD:                   aws/rds/application_users/test/connector2
-      LEDGER_APP_RDS_PASSWORD:                      aws/rds/application_users/test/ledger
-      WEBHOOKS_APP_RDS_PASSWORD:                    aws/rds/application_users/test/webhooks # pragma: allowlist secret
-      PRODUCTS_APP_RDS_PASSWORD:                    aws/rds/application_users/test/products
-      PUBLICAUTH_APP_RDS_PASSWORD:                  aws/rds/application_users/test/publicauth
-    toolbox:
-      AUTH_GITHUB_CLIENT_ID:                        pay-toolbox/test/github_client_id
-      AUTH_GITHUB_CLIENT_SECRET:                    pay-toolbox/test/github_client_secret
-      STRIPE_ACCOUNT_API_KEY:                       stripe/test/test/account-api-key
-      STRIPE_ACCOUNT_TEST_API_KEY:                  stripe/test/test/account-api-key
-      SENTRY_DSN:                                   sentry/toolbox_dsn
-      ZENDESK_USER:                                 zendesk/user
-      ZENDESK_API_KEY:                              zendesk/api_key
-  test-perf-1:
-    adminusers:
-      DB_PASSWORD:                                  aws/rds/application_users/test/adminusers
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test-perf/adminusers_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test-perf/adminusers_support_readwrite # pragma: allowlist secret
-      NOTIFY_API_KEY:                               notify/api_key/ci/test_perf.adminusers.notify_api_key # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/adminusers_dsn
-    cardid:
-      SENTRY_DSN:                                   sentry_io/cardid_dsn
-    connector:
-      DB_PASSWORD:                                                       aws/rds/superuser/test-12/connector/payment-password
-      DB_SUPPORT_PASSWORD_READONLY:                                      aws/rds/support_readonly_users/test-perf/connector_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                                     aws/rds/support_readwrite_users/test-perf/connector_support_readwrite # pragma: allowlist secret
-      NOTIFY_API_KEY:                                                    notify/api_key/ci/test_perf.connector.notify_api_key # pragma: allowlist secret
-      GDS_CONNECTOR_STRIPE_AUTH_TOKEN:                                   stripe/test/test/account-api-key
-      GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN:                              stripe/test/test/account-api-key
-      GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET:                          stripe/test/test/webhook-secret
-      GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET:                     stripe/test/test/webhook-secret
-      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET: stripe/test/test/webhook-connect-events-secret
-      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET: stripe/test/test/webhook-connect-events-secret
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE:                 apple_pay/worldpay/test/payment-processing-certificate-20230906
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY:                 apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY:       apple_pay/worldpay/test/payment-processing-certificate-20230906
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY:       apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
-      SENTRY_DSN:                                                        sentry_io/connector_dsn
-      SANDBOX_AUTH_TOKEN:                                                smoke-test-api-token/notifications/test_sandbox_auth_token
-    frontend:
-      SESSION_ENCRYPTION_KEY:                         ""
-      SESSION_ENCRYPTION_KEY_2:                       ""
-      WORLDPAY_APPLE_PAY_MERCHANT_ID:                 apple_pay/worldpay/test/merchant-id
-      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE:     apple_pay/worldpay/test/merchant-id-certificate-20240730
-      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY: apple_pay/worldpay/test/merchant-id-certificate-key-20240730
-      STRIPE_APPLE_PAY_MERCHANT_ID:                   apple_pay/stripe/test/merchant-id
-      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE:       apple_pay/stripe/test/merchant-id-certificate-20240730
-      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY:   apple_pay/stripe/test/merchant-id-certificate-key-20240730
-      STRIPE_TEST_PUBLISHABLE_API_KEY:                stripe/test/test/publishable-api-key
-      STRIPE_LIVE_PUBLISHABLE_API_KEY:                stripe/test/test/publishable-api-key
-      SENTRY_DSN:                                     sentry/frontend_dsn
-      SENTRY_CSP_REPORT_URI:                          sentry/frontend_csp_report_uri
-    ledger:
-      DB_PASSWORD:                                  aws/rds/application_users/test/ledger
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test-perf/ledger_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test-perf/ledger_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/ledger_dsn
-    publicapi:
-      # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-      # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-      # TOKEN_API_HMAC_SECRET:                        ""
-      SENTRY_DSN:                                   sentry_io/publicapi_dsn
-    publicauth:
-      DB_USER:                                      ""
-      DB_PASSWORD:                                  ""
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test-perf/publicauth_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test-perf/publicauth_support_readwrite # pragma: allowlist secret
-      # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-      # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-      # TOKEN_DB_BCRYPT_SALT:                         ""
-      # TOKEN_API_HMAC_SECRET:                        ""
-      SENTRY_DSN:                                   sentry_io/publicauth_dsn
-    products:
-      DB_USER:                                      ""
-      DB_PASSWORD:                                  ""
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test-perf/products_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test-perf/products_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/products_dsn
-    products-ui:
-      SESSION_ENCRYPTION_KEY:                       ""
-      SENTRY_DSN:                                   sentry_io/products_ui_dsn
-      GOOGLE_RECAPTCHA_SECRET_KEY:                  google/test/captcha-secret-key
-      GOOGLE_RECAPTCHA_SITE_KEY:                    google/test/captcha-site-key
-    selfservice:
-      SESSION_ENCRYPTION_KEY:                       ""
-      ZENDESK_API_KEY:                              zendesk/api_key
-      ZENDESK_USER:                                 zendesk/user
-      STRIPE_ACCOUNT_API_KEY:                       stripe/test/test/account-api-key
-      SENTRY_DSN:                                   sentry/selfservice_dsn
-    terraform:
-      ADMINUSERS_RDS_PASSWORD:                      aws/rds/superuser/test-12/adminusers/payment-password
-      CONNECTOR_RDS_PASSWORD:                       aws/rds/superuser/test-12/connector/payment-password
-      LEDGER_RDS_PASSWORD:                          aws/rds/superuser/test-12/ledger/payment-password
-      PRODUCTS_RDS_PASSWORD:                        aws/rds/superuser/test-12/products/payment-password
-      PUBLICAUTH_RDS_PASSWORD:                      aws/rds/superuser/test-12/publicauth/payment-password
-      ADMINUSERS_APP_RDS_PASSWORD:                  aws/rds/application_users/test/adminusers
-      CONNECTOR_APP_RDS_PASSWORD:                   aws/rds/application_users/test/connector2
-      LEDGER_APP_RDS_PASSWORD:                      aws/rds/application_users/test/ledger
-      PRODUCTS_APP_RDS_PASSWORD:                    aws/rds/application_users/test/products
-      PUBLICAUTH_APP_RDS_PASSWORD:                  aws/rds/application_users/test/publicauth
-    toolbox:
-      AUTH_GITHUB_CLIENT_ID:                        pay-toolbox/test/github_client_id
-      AUTH_GITHUB_CLIENT_SECRET:                    pay-toolbox/test/github_client_secret
-      STRIPE_ACCOUNT_API_KEY:                       stripe/test/test/account-api-key
-      STRIPE_ACCOUNT_TEST_API_KEY:                  stripe/test/test/account-api-key
-      SENTRY_DSN:                                   sentry/toolbox_dsn
-      ZENDESK_API_KEY:                              zendesk/api_key
-      ZENDESK_USER:                                 zendesk/user
-    webhooks:
-      DB_PASSWORD:                                  aws/rds/application_users/test/webhooks # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/test-perf/webhooks_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/test-perf/webhooks_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/webhooks_dsn
-  test:
-    alb_and_s3_logging_pipeline:
-      firehose_hec_token: splunk/firehose-hec-token
-    codebuild:
-      docker-username: dockerhub/concourse-username
-      docker-access-token: dockerhub/concourse-access-token
-      github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
-  dev:
-    alb_and_s3_logging_pipeline:
-      firehose_hec_token: splunk/firehose-hec-token
-    codebuild:
-      docker-username: dockerhub/concourse-username
-      docker-access-token: dockerhub/concourse-access-token
-      github-access-token: alphagov-pay-ci-concourse/github.com-concourse-github-personal-access-token
-  staging-2:
-    adminusers:
-      DB_PASSWORD:                                  aws/rds/application_users/staging/adminusers1
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/staging/adminusers_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/staging/adminusers_support_readwrite # pragma: allowlist secret
-      NOTIFY_API_KEY:                               notify/api_key/deploy/staging.adminusers.notify_api_key
-      SENTRY_DSN:                                   sentry_io/adminusers_dsn
-    cardid:
-      SENTRY_DSN:                                   sentry_io/cardid_dsn
-    connector:
-      DB_PASSWORD:                                                       aws/rds/application_users/staging/connector1
-      DB_SUPPORT_PASSWORD_READONLY:                                      aws/rds/support_readonly_users/staging/connector_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                                     aws/rds/support_readwrite_users/staging/connector_support_readwrite # pragma: allowlist secret
-      NOTIFY_API_KEY:                                                    notify/api_key/deploy/staging.connector.notify_api_key
-      GDS_CONNECTOR_STRIPE_AUTH_TOKEN:                                   stripe/staging/test/account-api-key
-      GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN:                              stripe/staging/test/account-api-key
-      GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET:                          stripe/staging/test/webhook-secret
-      GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET:                     stripe/staging/test/webhook-secret
-      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET: stripe/staging/test/webhook-connect-events-secret
-      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET: stripe/staging/test/webhook-connect-events-secret
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE:                 apple_pay/worldpay/test/payment-processing-certificate-20230906
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY:                 apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY:       apple_pay/worldpay/test/payment-processing-certificate-20230906
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY:       apple_pay/worldpay/test/payment-processing-private-key-20230906 # pragma: allowlist secret
-      SENTRY_DSN:                                                        sentry_io/connector_dsn
-      SANDBOX_AUTH_TOKEN:                                                smoke-test-api-token/notifications/staging_sandbox_auth_token
-    frontend:
-      WORLDPAY_APPLE_PAY_MERCHANT_ID:                 apple_pay/worldpay/test/merchant-id
-      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE:     apple_pay/worldpay/test/merchant-id-certificate-20230905
-      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY: apple_pay/worldpay/test/merchant-id-certificate-key-20230905
-      STRIPE_APPLE_PAY_MERCHANT_ID:                   apple_pay/stripe/staging/merchant-id
-      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE:       apple_pay/stripe/staging/merchant-id-certificate-20230823
-      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY:   apple_pay/stripe/staging/merchant-id-certificate-key-20230823
-      STRIPE_TEST_PUBLISHABLE_API_KEY:                stripe/staging/test/publishable-api-key
-      STRIPE_LIVE_PUBLISHABLE_API_KEY:                stripe/staging/test/publishable-api-key
-      SENTRY_DSN:                                     sentry/frontend_dsn
-      SENTRY_CSP_REPORT_URI:                          sentry/frontend_csp_report_uri
-    ledger:
-      DB_PASSWORD:                                  aws/rds/application_users/staging/ledger
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/staging/ledger_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/staging/ledger_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/ledger_dsn
-    products:
-      DB_PASSWORD:                                  aws/rds/application_users/staging/products
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/staging/products_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/staging/products_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/products_dsn
-    products-ui:
-      SENTRY_DSN:                                   sentry_io/products_ui_dsn
-      GOOGLE_RECAPTCHA_SECRET_KEY:                  google/test/captcha-secret-key
-      GOOGLE_RECAPTCHA_SITE_KEY:                    google/test/captcha-site-key
-    publicapi:
-      SENTRY_DSN:                                   sentry_io/publicapi_dsn
-      # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-      # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-      # TOKEN_API_HMAC_SECRET:                        ""
-    publicauth:
-      DB_PASSWORD:                                  aws/rds/application_users/staging/publicauth
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/staging/publicauth_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/staging/publicauth_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/publicauth_dsn
-      # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-      # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-      # TOKEN_DB_BCRYPT_SALT:                         ""
-      # TOKEN_API_HMAC_SECRET:                        ""
-    product-page:
-      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
-    terraform:
-      ADMINUSERS_RDS_PASSWORD:                      aws/rds/superuser/staging-2/adminusers/payment-password
-      CONNECTOR_RDS_PASSWORD:                       aws/rds/superuser/staging-2/connector/payment-password
-      LEDGER_RDS_PASSWORD:                          aws/rds/superuser/staging-2/ledger/payment-password
-      PRODUCTS_RDS_PASSWORD:                        aws/rds/superuser/staging-2/products/payment-password
-      PUBLICAUTH_RDS_PASSWORD:                      aws/rds/superuser/staging-2/publicauth/payment-password
-      WEBHOOKS_RDS_PASSWORD:                        aws/rds/superuser/staging-2/webhooks/payment-password # pragma: allowlist secret
-      ADMINUSERS_APP_RDS_PASSWORD:                  aws/rds/application_users/staging/adminusers
-      CONNECTOR_APP_RDS_PASSWORD:                   aws/rds/application_users/staging/connector1
-      LEDGER_APP_RDS_PASSWORD:                      aws/rds/application_users/staging/ledger
-      PRODUCTS_APP_RDS_PASSWORD:                    aws/rds/application_users/staging/products
-      PUBLICAUTH_APP_RDS_PASSWORD:                  aws/rds/application_users/staging/publicauth
-      WEBHOOKS_APP_RDS_PASSWORD:                    aws/rds/application_users/staging/webhooks # pragma: allowlist secret
-    selfservice:
-      ZENDESK_API_KEY:                              zendesk/api_key
-      ZENDESK_USER:                                 zendesk/user
-      STRIPE_ACCOUNT_API_KEY:                       stripe/staging/test/account-api-key
-      SENTRY_DSN:                                   sentry/selfservice_dsn
-    toolbox:
-      AUTH_GITHUB_CLIENT_ID:                        pay-toolbox/staging/github_client_id
-      AUTH_GITHUB_CLIENT_SECRET:                    pay-toolbox/staging/github_client_secret
-      STRIPE_ACCOUNT_API_KEY:                       stripe/staging/test/account-api-key
-      STRIPE_ACCOUNT_TEST_API_KEY:                  stripe/staging/test/account-api-key
-      SENTRY_DSN:                                   sentry/toolbox_dsn
-      ZENDESK_API_KEY:                              zendesk/api_key
-      ZENDESK_USER:                                 zendesk/user
-    webhooks:
-      DB_PASSWORD:                                  aws/rds/application_users/staging/webhooks # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/staging/webhooks_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/staging/webhooks_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/webhooks_dsn
-    webhooks_intrusion_monitoring:
-      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay-staging-webhooks/amazon-cloudwatch-integration-url
-  staging:
-    alb_and_s3_logging_pipeline:
-      firehose_hec_token: splunk/firehose-hec-token
-  production-2:
-    adminusers:
-      DB_PASSWORD:                                  aws/rds/application_users/production/adminusers1
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/production/adminusers_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/production/adminusers_support_readwrite # pragma: allowlist secret
-      NOTIFY_API_KEY:                               notify/api_key/deploy/production.adminusers.notify_api_key
-      SENTRY_DSN:                                   sentry_io/adminusers_dsn
-    cardid:
-      SENTRY_DSN:                                   sentry_io/cardid_dsn
-    connector:
-      DB_PASSWORD:                                                       aws/rds/application_users/production/connector2
-      DB_SUPPORT_PASSWORD_READONLY:                                      aws/rds/support_readonly_users/production/connector_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                                     aws/rds/support_readwrite_users/production/connector_support_readwrite # pragma: allowlist secret
-      NOTIFY_API_KEY:                                                    notify/api_key/deploy/production.connector.notify_api_key
-      GDS_CONNECTOR_STRIPE_AUTH_TOKEN:                                   stripe/production/test/account-api-key
-      GDS_CONNECTOR_STRIPE_AUTH_LIVE_TOKEN:                              stripe/production/live/account-api-key
-      GDS_CONNECTOR_STRIPE_WEBHOOK_SIGN_SECRET:                          stripe/production/test/webhook-secret
-      GDS_CONNECTOR_STRIPE_WEBHOOK_LIVE_SIGN_SECRET:                     stripe/production/live/webhook-secret
-      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_LIVE_SIGN_SECRET: stripe/production/live/webhook-connect-events-secret
-      GDS_CONNECTOR_STRIPE_CONNECT_APPLICATION_WEBHOOK_TEST_SIGN_SECRET: stripe/production/test/webhook-connect-events-secret
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE:                 apple_pay/worldpay/production/payment-processing-certificate-20230906
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY:                 apple_pay/worldpay/production/payment-processing-private-key-20230906 # pragma: allowlist secret
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE_SECONDARY:       apple_pay/worldpay/production/payment-processing-certificate-20230906
-      WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY_SECONDARY:       apple_pay/worldpay/production/payment-processing-private-key-20230906 # pragma: allowlist secret
-      SENTRY_DSN:                                                        sentry_io/connector_dsn
-      SANDBOX_AUTH_TOKEN:                                                smoke-test-api-token/notifications/production_sandbox_auth_token
-    frontend:
-      WORLDPAY_APPLE_PAY_MERCHANT_ID:                 apple_pay/worldpay/production/merchant-id
-      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE:     apple_pay/worldpay/production/merchant-id-certificate-20240730
-      WORLDPAY_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY: apple_pay/worldpay/production/merchant-id-certificate-key-20240730
-      STRIPE_APPLE_PAY_MERCHANT_ID:                   apple_pay/stripe/production/merchant-id
-      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE:       apple_pay/stripe/production/merchant-id-certificate-20240730
-      STRIPE_APPLE_PAY_MERCHANT_ID_CERTIFICATE_KEY:   apple_pay/stripe/production/merchant-id-certificate-key-20240730
-      STRIPE_TEST_PUBLISHABLE_API_KEY:                stripe/production/test/publishable-api-key
-      STRIPE_LIVE_PUBLISHABLE_API_KEY:                stripe/production/live/publishable-api-key
-      SENTRY_DSN:                                     sentry/frontend_dsn
-      SENTRY_CSP_REPORT_URI:                          sentry/frontend_csp_report_uri
-      GOOGLE_PAY_MERCHANT_ID:                         google_pay/merchant_identifier
-      GOOGLE_PAY_MERCHANT_ID_2:                       google_pay/merchant_identifier_2
-    ledger:
-      DB_PASSWORD:                                  aws/rds/application_users/production/ledger
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/production/ledger_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/production/ledger_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/ledger_dsn
-    network:
-      PAGER_DUTY_CLOUDWATCH_ALB_INTEGRATION_URL:    pager-duty/govuk-pay-cloudwatch-alb/amazon-cloudwatch-integration-url
-    product-page:
-      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay-product-page/amazon-cloudwatch-integration-url
-    products:
-      DB_PASSWORD:                                  aws/rds/application_users/production/products
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/production/products_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/production/products_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/products_dsn
-    products-ui:
-      SENTRY_DSN:                                   sentry_io/products_ui_dsn
-      GOOGLE_RECAPTCHA_SECRET_KEY:                  google/production/captcha-secret-key
-      GOOGLE_RECAPTCHA_SITE_KEY:                    google/production/captcha-site-key
-      GOOGLE_RECAPTCHA_ENTERPRISE_PROJECT_ID:       google/production/captcha-enterprise-project-id
-    publicapi:
-      SENTRY_DSN:                                   sentry_io/publicapi_dsn
-    publicauth:
-      DB_PASSWORD:                                  aws/rds/application_users/production/publicauth
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/production/publicauth_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/production/publicauth_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/publicauth_dsn
-      # These secrets are used by the app, but having them set to an empty string tries to overwrite working secrets with
-      # the words 'Password Store'. They are not in pay-low-pass, so for now to stop them being overwritten I'm commenting them out
-      # TOKEN_DB_BCRYPT_SALT:                         ""
-      # TOKEN_API_HMAC_SECRET:                        ""
-    terraform:
-      ADMINUSERS_RDS_PASSWORD:                      aws/rds/superuser/production-2/adminusers/payment-password
-      CONNECTOR_RDS_PASSWORD:                       aws/rds/superuser/production-2/connector/payment-password
-      LEDGER_RDS_PASSWORD:                          aws/rds/superuser/production-2/ledger/payment-password
-      PRODUCTS_RDS_PASSWORD:                        aws/rds/superuser/production-2/products/payment-password
-      PUBLICAUTH_RDS_PASSWORD:                      aws/rds/superuser/production-2/publicauth/payment-password
-      WEBHOOKS_RDS_PASSWORD:                        aws/rds/superuser/production-2/webhooks/payment-password # pragma: allowlist secret
-      ADMINUSERS_APP_RDS_PASSWORD:                  aws/rds/application_users/production/adminusers
-      CONNECTOR_APP_RDS_PASSWORD:                   aws/rds/application_users/production/connector2
-      LEDGER_APP_RDS_PASSWORD:                      aws/rds/application_users/production/ledger
-      PRODUCTS_APP_RDS_PASSWORD:                    aws/rds/application_users/production/products
-      PUBLICAUTH_APP_RDS_PASSWORD:                  aws/rds/application_users/production/publicauth
-      WEBHOOKS_APP_RDS_PASSWORD:                    aws/rds/application_users/production/webhooks # pragma: allowlist secret
-    selfservice:
-      ZENDESK_API_KEY:                              zendesk/api_key
-      ZENDESK_USER:                                 zendesk/user
-      STRIPE_ACCOUNT_API_KEY:                       stripe/production/live/account-api-key
-      SENTRY_DSN:                                   sentry/selfservice_dsn
-    toolbox:
-      AUTH_GITHUB_CLIENT_ID:                        pay-toolbox/production/github_client_id
-      AUTH_GITHUB_CLIENT_SECRET:                    pay-toolbox/production/github_client_secret
-      STRIPE_ACCOUNT_API_KEY:                       stripe/production/live/account-api-key
-      STRIPE_ACCOUNT_TEST_API_KEY:                  stripe/production/test/account-api-key
-      SENTRY_DSN:                                   sentry/toolbox_dsn
-      ZENDESK_API_KEY:                              zendesk/api_key
-      ZENDESK_USER:                                 zendesk/user
-    webhooks:
-      DB_PASSWORD:                                  aws/rds/application_users/production/webhooks # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READONLY:                 aws/rds/support_readonly_users/production/webhooks_support_readonly # pragma: allowlist secret
-      DB_SUPPORT_PASSWORD_READWRITE:                aws/rds/support_readwrite_users/production/webhooks_support_readwrite # pragma: allowlist secret
-      SENTRY_DSN:                                   sentry_io/webhooks_dsn
-    webhooks_intrusion_monitoring:
-      pager_duty_cloudwatch_integration_url:        pager-duty/govuk-pay/amazon-cloudwatch-integration-url
-  production:
-    alb_and_s3_logging_pipeline:
-      firehose_hec_token: splunk/firehose-hec-token
-
-
-# secrets here are just regular values
-# value[env][service][key] = value
-value:
-  deploy:
-    cd-pay-deploy:
-      pay_aws_deploy_account_id:        "424875624006"
-      pay_aws_prod_account_id:          "092359438320"
-      pay_aws_production_account_id:    "092359438320"
-      pay_aws_staging_account_id:       "888564216586"
-      pay_aws_test_account_id:          "223851549868"
-      pay-team-manual/github-username:  "alphagov-pay-ci-concourse"
-      internal-vulnerability-scan/jira-base-url: "https://payments-platform.atlassian.net"
-    cd-pay-dev:
-      pay_aws_deploy_account_id:  "424875624006"
-      pay_aws_staging_account_id: "888564216586"
-      pay_aws_test_account_id:    "223851549868"
-      pay_aws_dev_account_id:     "673337093959"  # pragma: allowlist secret
-  dev-fg-1:
-    terraform:
-      PERF_ENV: "false"
-      # These are not used in dev-fg-1 but are required by terraform make so lets make them bogus values
-      # which will fail if we try to create with them. See
-      # https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints for
-      # dissallowed characters which we use here to ensure they are never usable passwords
-      ADMINUSERS_RDS_PASSWORD: "/"    # pragma: allowlist secret
-      CONNECTOR_RDS_PASSWORD: "/"     # pragma: allowlist secret
-      LEDGER_RDS_PASSWORD: "/"        # pragma: allowlist secret
-      PRODUCTS_RDS_PASSWORD: "/"      # pragma: allowlist secret
-      PUBLICAUTH_RDS_PASSWORD: "/"    # pragma: allowlist secret
-  deploy-tooling:
-    pact-broker:
-      DB_USER: "pact_broker"
-      DB_SUPPORT_USER_READONLY: "pact_broker_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "pact_broker_support_readwrite"
-  test-12:
-    adminusers:
-      DB_USER: "adminusers1"
-      DB_SUPPORT_USER_READONLY: "adminusers_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "adminusers_support_readwrite"
-      NOTIFY_SECRET: ""
-    connector:
-      DB_USER: "connector2"
-      DB_SUPPORT_USER_READONLY: "connector_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "connector_support_readwrite"
-      NOTIFY_SECRET: ""
-    frontend:
-      AB_TEST_THRESHOLD:      "50"
-      GOOGLE_PAY_MERCHANT_ID: "value-not-set"
-      GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
-    ledger:
-      DB_USER: "ledger"
-      DB_SUPPORT_USER_READONLY: "ledger_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "ledger_support_readwrite"
-    webhooks:
-      DB_USER: "webhooks"
-      DB_SUPPORT_USER_READONLY: "webhooks_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "webhooks_support_readwrite"
-    publicauth:
-      DB_USER: "publicauth1"
-      DB_SUPPORT_USER_READONLY: "publicauth_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "publicauth_support_readwrite"
-    products:
-      DB_USER: "products"
-      DB_SUPPORT_USER_READONLY: "products_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "products_support_readwrite"
-    toolbox:
-      AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "3304536"
-      AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304536"
-      AUTH_GITHUB_ADMIN_TEAM_ID: "3304536"
-    terraform:
-      PERF_ENV: "false"
-  test-perf-1:
-    adminusers:
-      DB_USER: "adminusers"
-      DB_SUPPORT_USER_READONLY: "adminusers_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "adminusers_support_readwrite"
-      NOTIFY_SECRET: ""
-    connector:
-      DB_USER: "connector"
-      DB_SUPPORT_USER_READONLY: "connector_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "connector_support_readwrite"
-      NOTIFY_SECRET: ""
-    frontend:
-      AB_TEST_THRESHOLD:      "50"
-      GOOGLE_PAY_MERCHANT_ID: "value-not-set"
-      GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
-    ledger:
-      DB_USER: "ledger"
-      DB_SUPPORT_USER_READONLY: "ledger_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "ledger_support_readwrite"
-    publicauth:
-      DB_USER: "publicauth"
-      DB_SUPPORT_USER_READONLY: "publicauth_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "publicauth_support_readwrite"
-    products:
-      DB_USER: "products"
-      DB_SUPPORT_USER_READONLY: "products_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "products_support_readwrite"
-    terraform:
-      PERF_ENV: "true"
-    toolbox:
-      AUTH_GITHUB_CLIENT_ID:
-      AUTH_GITHUB_CLIENT_SECRET:
-      AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "3304536"
-      AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304536"
-      AUTH_GITHUB_ADMIN_TEAM_ID: "3304536"
-    webhooks:
-      DB_USER: "webhooks"
-      DB_SUPPORT_USER_READONLY: "webhooks_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "webhooks_support_readwrite"
-  staging-2:
-    adminusers:
-      DB_USER: "adminusers1"
-      DB_SUPPORT_USER_READONLY: "adminusers_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "adminusers_support_readwrite"
-      NOTIFY_SECRET: ""
-    connector:
-      DB_USER: "connector1"
-      DB_SUPPORT_USER_READONLY: "connector_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "connector_support_readwrite"
-      NOTIFY_SECRET: ""
-    frontend:
-      AB_TEST_THRESHOLD:      "50"
-      GOOGLE_PAY_MERCHANT_ID: "value-not-set"
-      GOOGLE_PAY_MERCHANT_ID_2: "value-not-set"
-    ledger:
-      DB_USER: "ledger"
-      DB_SUPPORT_USER_READONLY: "ledger_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "ledger_support_readwrite"
-    publicauth:
-      DB_USER: "publicauth1"
-      DB_SUPPORT_USER_READONLY: "publicauth_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "publicauth_support_readwrite"
-    products:
-      DB_USER: "products"
-      DB_SUPPORT_USER_READONLY: "products_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "products_support_readwrite"
-    toolbox:
-      AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "3304500"
-      AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304500"
-      AUTH_GITHUB_ADMIN_TEAM_ID: "3304500"
-    terraform:
-      PERF_ENV: "false"
-    webhooks:
-      DB_USER: "webhooks"
-      DB_SUPPORT_USER_READONLY: "webhooks_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "webhooks_support_readwrite"
-  production-2:
-    adminusers:
-      DB_USER: "adminusers1"
-      DB_SUPPORT_USER_READONLY: "adminusers_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "adminusers_support_readwrite"
-      NOTIFY_SECRET: ""
-    connector:
-      DB_USER: "connector2"
-      DB_SUPPORT_USER_READONLY: "connector_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "connector_support_readwrite"
-      NOTIFY_SECRET: ""
-    frontend:
-      AB_TEST_THRESHOLD:     "50"
-    ledger:
-      DB_USER: "ledger"
-      DB_SUPPORT_USER_READONLY: "ledger_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "ledger_support_readwrite"
-    publicauth:
-      DB_USER: "publicauth1"
-      DB_SUPPORT_USER_READONLY: "publicauth_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "publicauth_support_readwrite"
-    products:
-      DB_USER: "products"
-      DB_SUPPORT_USER_READONLY: "products_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "products_support_readwrite"
-    toolbox:
-      AUTH_GITHUB_VIEW_ONLY_TEAM_ID: "7196958"
-      AUTH_GITHUB_USER_SUPPORT_TEAM_ID: "3304532"
-      AUTH_GITHUB_ADMIN_TEAM_ID: "3320243"
-    terraform:
-      PERF_ENV: "false"
-    webhooks:
-      DB_USER: "webhooks"
-      DB_SUPPORT_USER_READONLY: "webhooks_support_readonly"
-      DB_SUPPORT_USER_READWRITE: "webhooks_support_readwrite"