-
Notifications
You must be signed in to change notification settings - Fork 126
How to Rotate New Relic License Key
Jin Sun edited this page Feb 11, 2025
·
1 revision
This guide provides step-by-step instructions for rotating the New Relic license key in a cloud.gov environment.
- Navigate to the New Relic API Keys page.
- Click Create New Key.
- Set the following details:
Type: INGEST-LICENSE Name: cloud.gov app log Notes: <date> created - Copy the newly generated license key.
-
Run the following command to get the current New Relic license key details:
cf env inventory | grep -i relic -C 11 -
Copy all credentials and save them to a local file, e.g., secrets.json.
-
Update the NEW_RELIC_LICENSE_KEY field in the JSON file with New Key:
{ ... "NEW_RELIC_LICENSE_KEY": <NEW_KEY_HERE>, ... }
-
Target the appropriate space (development/staging/prod)
cf t -s xxx -
Update user-provided service instances with the new secrets:
development space: cf uups inventory-secrets -p dev-inventory-secrets.json cf uups catalog-secrets -p dev-catalog-secrets.json staging space: cf uups inventory-secrets -p staging-inventory-secrets.json cf uups catalog-secrets -p staging-catalog-secrets.json prod space: cf uups inventory-secrets -p prod-inventory-secrets.json cf uups catalog-secrets -p prod-catalog-secrets.json -
Note: Development environment: apps must be restarted manually. Staging and Prod environment: GitHub Actions will restart the apps automatically.
For other non-inventory and catalog apps, check and update their secrets separately. Repeat step2 and step3:
catalog-secrets
datagov-harvest-secrets
catalog-next-secrets
- Target the appropriate space (development-ssb/management-staging/management)
- Update the New Relic license environment variable
cf t -s <development-ssb/management-staging/management> cf set-env logstack-shipper NEWRELIC_LICENSE_KEY <NEW_KEY> cf rs logstack-shipper
After verify the new log entries appear in the New Relic Logs, delete old key from New Relic API Keys page.