Skip to content

Switch out cf environment variables

Jump to bottom
Laura Beaufort edited this page Aug 10, 2022 · 6 revisions

For things like what RDS, or api url an app points to we use a cf-service to safely hold our passwords. Here is how you would change a setting for the API on the dev space. Do this outside the your git repo on your computer to make it harder to accidentally check these files in.

Target the space you're working on:

cf target -s dev

Then dump the environment into a file

cf env api > dev.env.json

Open the file, find the "user-provided" dictionary, and find the "credentials" dictionary within it. Note: There may be two blocks - choose the block with the value you want to update, and note the instance_name of the block. Below is an example of what this looks like:

 "user-provided": [ 
   {
     "credentials": {
          "ENV_VAR_NAME": "super-secret-password",
          "ENV_VAR_NAME_2": "route-to-something",
          "ENV_VAR_NAME_15": "super-secret-password"
           .... A bunch of other creds ....
     }
   }

Delete everything in the file except for the "credentials" dictionary block, that's the text between the {} in the credentials dictionary.

Then edit the credentials dictionary to change ONLY the value of the credentials that you want to modify. Make sure to only change the credentials you're editing, and leave the rest of them as-is. Your file should look like:

{
    "ENV_VAR_NAME": "your-new-super-secret-password",
    "ENV_VAR_NAME_2": "route-to-something",
    .... don't change all the other ones....
    "ENV_VAR_NAME_15": "super-secret-password"
}

Save your file and update the service:

cf uups fec-creds-dev -p ./dev.env.json

Confirm changes took with

cf env api

Rebuild the app in CircleCI because cf restage causes downtime. Disregard the restage "tip" from cloud foundry. No need to rebuild the app if you are removing variables no longer in use.

rm dev.env.json

Delete dev.env.json and make sure you never check this file into version control.

If you're updating API keys make sure to update the in fec-accounts: https://github.com/fecgov/fec-accounts/wiki/API-public-and-private-key-information

Clone this wiki locally