Add field level encryption environment variables

alphagov · Feb 20, 2020 · 5e62cc7 · 5e62cc7
1 parent f0dbfee
commit 5e62cc7
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/env-map.yml b/env-map.yml
@@ -1,7 +1,10 @@
 env_vars:
-  ADMINUSERS_URL:         '.[][] | select(.name == "app-catalog") | .credentials.adminusers_url'
-  CARDID_HOST:            '.[][] | select(.name == "app-catalog") | .credentials.cardid_url'
-  CONNECTOR_HOST:         '.[][] | select(.name == "app-catalog") | .credentials.card_connector_url'
-  FRONTEND_URL:           '.[][] | select(.name == "app-catalog") | .credentials.card_frontend_url'
-  SESSION_ENCRYPTION_KEY: '.[][] | select(.name == "card-frontend-secret-service") | .credentials.card_frontend_session_encryption_key'
-  ANALYTICS_TRACKING_ID:  '.[][] | select(.name == "card-frontend-secret-service") | .credentials.card_frontend_analytics_tracking_id'
+  ADMINUSERS_URL:                  '.[][] | select(.name == "app-catalog") | .credentials.adminusers_url'
+  CARDID_HOST:                     '.[][] | select(.name == "app-catalog") | .credentials.cardid_url'
+  CONNECTOR_HOST:                  '.[][] | select(.name == "app-catalog") | .credentials.card_connector_url'
+  FRONTEND_URL:                    '.[][] | select(.name == "app-catalog") | .credentials.card_frontend_url'
+  SESSION_ENCRYPTION_KEY:          '.[][] | select(.name == "card-frontend-secret-service") | .credentials.card_frontend_session_encryption_key'
+  ANALYTICS_TRACKING_ID:           '.[][] | select(.name == "card-frontend-secret-service") | .credentials.card_frontend_analytics_tracking_id'
+  DECRYPT_CARD_DATA_PRIVATE_KEY:   '.[][] | select(.name == "card-frontend-secret-service") | .credentials.field_level_encryption_private_key'
+  DECRYPT_CARD_DATA_KEY_NAME:      '.[][] | select(.name == "card-frontend-secret-service") | .credentials.field_level_encryption_key_name'
+  DECRYPT_CARD_DATA_KEY_NAMESPACE: '.[][] | select(.name == "card-frontend-secret-service") | .credentials.field_level_encryption_key_namespace'
diff --git a/manifest.yml b/manifest.yml
@@ -27,3 +27,7 @@ applications:
       # These are provided via bound card-frontend-secret-service, see `env-map.yml`
       SESSION_ENCRYPTION_KEY: ""
       ANALYTICS_TRACKING_ID: ""
+      DECRYPT_AND_OMIT_CARD_DATA: true
+      DECRYPT_CARD_DATA_PRIVATE_KEY: ""
+      DECRYPT_CARD_DATA_KEY_NAME: ""
+      DECRYPT_CARD_DATA_KEY_NAMESPACE: ""