Suspicious Exposed Keys
- Jayanta Saha
- Doris.Wong
- Andy Nash (Unlicensed)
- Philip Wilsdon (Unlicensed)
Branch: fix/removeJwtSecretKeyRelates to the following
https://hee-tis.atlassian.net/browse/TISNEW-5214
https://hee-tis.atlassian.net/browse/TISNEW-5269
2020-08-07 Passwords for our services exposed in our PR's
TIS Legacy Repos
Repository Name | Credentials Exposed | Secret Name | Where | Comment |
TIS-TCS | Yes | jwtSecretKey | https://github.com/Health-Education-England/TIS-TCS/blob/master/tcs-service/.yo-rc.json | Branch: fix/removeJwtSecretKey PR raised. Merged. |
TIS-TCS | Yes | azure.accountName, | Branch: fix/removeAzureKey Primary intention is to remove the credentials from the code. However, developers might need those credentials if they want to test the upload function locally. Discussion is done on 23rd Sept 2020. Merged. | |
TIS-TCS | Yes | kc.realm, | Branch: chore/removeKcKey Updated by Andy. Merged | |
TIS-TCS | Yes | jhipster.security.authentication.jwt.secret | Branch: fix/removeJwtSecretKey Merged | |
TIS-TCS | Yes | jhipster.security.authentication.jwt.secret | Commented out originally. PR raised. Merged. | |
TIS-TCS | Yes | jhipster.security.authentication.jwt.secret | Branch: fix/removeJwtSecretKey PR raised. Merged. | |
TIS-TCS | Yes | azure.accountName, | Added the keys in Jenkins credentials for the pipeline unit test. Need a team discussion how to run the tests locally. We know how to put the env vars in Jenkinsfile. Discussion was done on 23rd Sept 2020. Merged. Added instruction in Readme file to get the secrets fro Azure Access key before running test | |
TIS-TCS | Yes | kc.realm, | Branch: chore/removeKcKey Updated by Andy Merged | |
TIS-Profile | Yes | jhipster.security.authentication.jwt.secret | Branch: fix/removeJwtSecret Merged. | |
TIS-Profile | Yes | jhipster.security.authentication.jwt.secret | Branch: fix/removeJwtSecret Merged. | |
TIS-Reference | Yes | jhipster.security.authentication.jwt.secret | Branch: Merged. | |
TIS-Reference | Yes | jhipster.security.authentication.jwt.secret | Branch: Merged. | |
TIS-USERMANAGEMENT | Yes | kc.realm, | Branch: fix/removeKcSecret Merged. | |
TIS-ADMINS-UI | Yes | login.username, | https://github.com/Health-Education-England/TIS-ADMINS-UI/blob/master/protractor.conf.js | No required |
TIS-ADMINS-UI | Yes | login.username, | https://github.com/Health-Education-England/TIS-ADMINS-UI/blob/master/smoke.test.conf.js | No required |
TIS-ADMINS-UI | Yes | slackSend channel.token | https://github.com/Health-Education-England/TIS-ADMINS-UI/blob/master/Jenkinsfile | Branch: chore/removeSlackToken
|
TIS-ASSESSMENTS | Yes | kc.realm, | Branch: fix/removeKcSecret PR raised. Merged. | |
TIS-ASSESSMENTS | Yes | kc.realm, | Discussion was done on 23rd Sept 2020. Branch: fix/removeKcSecret Merged. | |
TIS-ASSESSMENTS | Yes | jhipster.security.authentication.jwt.secret | Branch: PR raised. Merged. | |
TIS-ASSESSMENTS | Yes | jhipster.security.authentication.jwt.secret | Branch: PR raised. Merged. | |
TIS-ASSESSMENTS | Yes | jhipster.security.authentication.jwt.secret | Branch: PR raised. Merged. | |
TIS-ASSESSMENTS | Yes | jhipster.security.authentication.jwt.secret | Branch: PR raised. Merged. | |
TIS-GENERIC-UPLOAD | Yes | kc.realm, | Branch: fix/removeKcSecret PR raised. Merged. | |
TIS-GENERIC-UPLOAD | Yes | azure.accountName, | Branch: fix/removeAzureKey PR raised. Merged. | |
TISGENERIC-UPLOAD | Yes | jhipster.security.authentication.jwt.secret | Branch: PR raised. Merged. | |
TISGENERIC-UPLOAD | Yes | jhipster.security.authentication.jwt.secret | Branch: PR raised. Merged. | |
TISGENERIC-UPLOAD | Yes | azure.accountName, | Branch: fix/removeAzureKey PR raised. Merged. | |
TISGENERIC-UPLOAD | Yes | jhipster.security.authentication.jwt.secret | Branch: PR raised. Merged. | |
TIS-NDW-ETL | Yes | datasource.tis, | Branch: fix/removeDatasourceSecret TIS-DEVOPS: chore/updateNdwVersion Checked on 7 Oct 20 after the NDW nightly sync (image number Merged | |
ESR-ETL | Yes | kc.realm, | Branch: chore/removeKcSecret Update TIS-DEVOPS stage and prod 1.6.3.final Merged | |
ESR-ETL | Yes | azure.accountName, | Branch: removeAzureKey Update TIS-DEVOPS stage and prod 1.6.4.final Merged. | |
ESR-ETL | Yes | kc.realm, | Branch: chore/removeKcCred PR raised. TIS-DEVOPS Branch update-esr-etl-to-stage-and-prod (merged) On 6 Oct2020, at 3:30pm we checked in stage and prod the version of the etl is 1.6.1.final | |
ESR-ETL | Yes | azure.accountName, | Branch: chore/removeAzureKey PR raised and merged with master Update TIS-DEVOPS stage and prod 1.6.2.final Merged | |
ESR-ETL | Yes | kc.realm, | Branch: chore/removeKcCred PR raised. TIS-DEVOPS Branch update-esr-etl-to-stage-and-prod (merged) On 6 Oct2020, at 3:30pm we checked in stage and prod the version of the etl is 1.6.1.final | |
ESR-ETL | Yes | azure.accountName, | Branch: chore/removeAzureKey PR raised and merged with master Update TIS-DEVOPS stage and prod 1.6.2.final Merged. | |
ESR-ETL | Yes | kc.realm, | Branch: chore/removeKcSecret PR raised. Update TIS-DEVOPS stage and prod 1.6.3.final Merged. | |
ESR-ETL | Yes | azure.accountName, | Branch: removeAzureKey Update TIS-DEVOPS stage and prod 1.6.4.final Merged. | |
ESR | Yes | kc.realm, | Branch: chore/removeKcCredentials chore/removeKcUrl PR Raised TIS-DEVOPS Branch: push-esr-change-to-stage-and-prod Merged | |
ESR | Yes | kc.realm, | Branch: chore/removeKcCredentials PR Raised TIS-DEVOPS Branch: push-esr-change-to-stage-and-prod Merged | |
ESR | Yes | jhipster.security.authentication.jwt.secret | Branch: removeJWTSecret https://github.com/Health-Education-England/TIS-DEVOPS/pull/980 Merged | |
ESR | Yes | kc.realm, | Branch: chore/removeKcSecret Merged. Changed the DEVOPS for the version number Merged | |
TIS-REVALIDATION | Yes | security.user.password | Branch: fix/removeSecurityUserPassword Merged. | |
TIS-SHARED-MODULE | No |
|
|
|
TIS-GMC-SYNC | Yes | gmc.username, | Branch: chore/removeGmcSecret Merged. | |
TIS-GMC-SYNC | Yes | kc.realm, | Branch: chore/removeKcSecret Branch for fixing pipeline: chore/fixJenkins Merged. | |
TIS-INTREPID-REVAL-ETL | Yes | kc.realm, | Branch Name: PR Raised and merged with master
Merged | |
TIS-INTREPID-REVAL-ETL | Yes | kc.realm, | Branch Name: PR Raised and merged with master
Merged | |
TIS-CONCERNS | Yes | azure.accountName, | Branch: fix/removeAzureKey Merged. | |
TIS-CONCERNS | Yes | azure.accountName, | Branch: fix/removeAzureKey Merged. | |
TIS-CONNECTION-DISCREPANCIE | No |
|
|
|
TIS-NOTIFICATIONS | No |
|
|
|
TIS-SYNC | Yes | kc.server.url, | Branch: chore-remove-exposed-creds Merged. Checked in dev-monitoring channel after nightly sync | |
TIS-SYNC | Yes | kc.server.url, | Branch: chore-remove-exposed-creds Merged. Checked in dev-monitoring channel after nightly sync | |
TIS-SYNC | Yes | azure.accountName, | Branch: chore-remove-exposed-creds Merged. Checked in dev-monitoring channel after nightly sync | |
TIS-SYNC | Yes | azure.accountName, | Branch: chore-remove-exposed-creds Merged. Checked in dev-monitoring channel after nightly sync | |
TIS-SYNC | Yes | jhipster.security.authentication.jwt.secret | Branch: chore-remove-exposed-creds Merged. Checked in dev-monitoring channel after nightly sync | |
TIS-SYNC | Yes | jhipster.security.authentication.jwt.secret | Branch: chore-remove-exposed-creds Merged. Checked in dev-monitoring channel after nightly sync |
ESR Bi-Di
Repository Name | Credentials Exposed | Secret Name | Where | Comment |
TIS-EsrReconciliationService | Yes | userRemoteConfigs.credentialsId | https://github.com/Health-Education-England/TIS-EsrReconciliationService/blob/master/Jenkinsfile | NO NEED TO CHANGE |
TIS-EsrMockData | Yes | userRemoteConfigs.credentialsId | https://github.com/Health-Education-England/TIS-EsrMockData/blob/master/Jenkinsfile | NO NEED TO CHANGE |
TIS-EsrAuditService | Yes | userRemoteConfigs.credentialsId | https://github.com/Health-Education-England/TIS-EsrAuditService/blob/master/Jenkinsfile | NO NEED TO CHANGE |
TIS-EsrTheGreatMigrate | Yes | userRemoteConfigs.credentialsId | https://github.com/Health-Education-England/TIS-EsrTheGreatMigrate/blob/master/Jenkinsfile | NO NEED TO CHANGE |
TIS-EsrDataExportService | Yes | aws.access.key.id, | Branch: chore/removeAwsAccessKey PR raised Merged | |
TIS-EsrDataExportService | Yes | aws.access.key.id, | NO NEED TO CHANGE | |
TIS-EsrDataExportService | Yes | userRemoteConfigs.credentialsId | https://github.com/Health-Education-England/TIS-EsrDataExportService/blob/master/Jenkinsfile | NO NEED TO CHANGE |
TIS-EsrNotificationGeneratorService | Yes | userRemoteConfigs.credentialsId | NO NEED TO CHANGE | |
TIS-EsrInboundDataReaderService | Yes | azure.accountName, | Branch: chore/removeAzureKey Merged. | |
TIS-EsrInboundDataReaderService | Yes | aws.accessKeyId, | Branch: chore/removeAwsSecret Merged | |
TIS-EsrInboundDataReaderService | Yes | azure.accountName, | Branch: chore/removeAzureKey Merged. | |
TIS-EsrInboundDataReaderService | Yes | userRemoteConfigs.credentialsId | https://github.com/Health-Education-England/TIS-EsrInboundDataReaderService/blob/master/Jenkinsfile | NO NEED TO CHANGE |
TIS-EsrInboundDataWriterService | Yes | userRemoteConfigs.credentialsId | https://github.com/Health-Education-England/TIS-EsrInboundDataWriterService/blob/master/Jenkinsfile | NO NEED TO CHANGE |
TIS Self Service
snipRepository Name | Credentials Exposed | Secret Name | Where |
tis-trainee-details | No |
|
|
tis-trainee-forms | No |
|
|
tis-trainee-sync | No |
|
|
tis-trainee-reference | No |
|
|
trainee-ui | No |
|
|
Revalidation (New)
Repository Name | Credentials Exposed | Secret Name | Where | Comment |
tis-revaliation-core | No |
|
|
|
tis-revaliation-integration | No |
|
|
|
tis-revalidation-integration | Yes | kc.realm, | Branch: fix/removeKcSecret PR raised. Merged. | |
TIS-REVALIDATION-V2 | Yes | userPoolId, | NO NEED TO CHANGE, As this is a FE repo, these credentials will be exposed to the public anyway. | |
tis-revalidation-concerns | No |
|
|
|
TIS-GMC-client | No |
|
|
|
tis-common-upload | No |
|
|
|
TCS-reval-mock | No |
|
|
|
REVALIDATION-COMBINE | No |
|
|
|
GMC-CONNECT-MOCK | No |
|
|
|
TIS-HEE-REVALIDATION | No |
|
|
|
tis-revalidation-connection | No |
|
|
|
Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213