Dynamically generate DJANGO_SECRET_KEY for initial deployments

scripts/copy-login-gov-keypair.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+###
+# Copies Login.gov JWT_KEY + JWT_CERT from one Cloud.gov application to another.
+#
+SOURCE_APP=${1}
+DEST_APP=${2}
+
+set -e
+
+SOURCE_APP_GUID=$(cf app "$SOURCE_APP" --guid)
+SOURCE_APP_ENV=$(cf curl "/v2/apps/$SOURCE_APP_GUID/env")
+ENVIRONMENT_JSON=$(printf '%s\n' "$SOURCE_APP_ENV" | jq -r '.environment_json')
+
+JWT_KEY=$(echo "$ENVIRONMENT_JSON" | jq -r '.JWT_KEY')
+JWT_CERT=$(echo "$ENVIRONMENT_JSON" | jq -r '.JWT_CERT')
+
+echo "JWT_KEY: $JWT_KEY"
+echo "JWT_CERT: $JWT_CERT"
+
+if [ -n "$DEST_APP" ];then
+    echo "Copying JWT key and cert from $SOURCE_APP to $DEST_APP..."
+    cf set-env "$DEST_APP" JWT_KEY "$JWT_KEY"
+    cf set-env "$DEST_APP" JWT_CERT "$JWT_CERT"
+
+    echo "Restaging $DEST_APP..."
+    cf restage "$DEST_APP"
+fi

scripts/set-backend-env-vars.sh

@@ -19,6 +19,9 @@ else
   FRONTEND_BASE_URL="$DEFAULT_FRONTEND_ROUTE"
 fi
 
+# Dynamically generate a new DJANGO_SECRET_KEY
+DJANGO_SECRET_KEY=$(python -c "from secrets import token_urlsafe; print(token_urlsafe(50))")
+
 echo "Setting environment variables for $CGAPPNAME_BACKEND"
 
 cf set-env "$CGAPPNAME_BACKEND" ACR_VALUES "$ACR_VALUES"

tdrs-backend/tdpservice/settings/common.py

@@ -5,6 +5,7 @@
 import os
 from distutils.util import strtobool
 from os.path import join
+from secrets import token_urlsafe
 
 from configurations import Configuration
 
@@ -106,7 +107,7 @@ class Common(Configuration):
 
     ALLOWED_HOSTS = ["*"]
     ROOT_URLCONF = "tdpservice.urls"
-    SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
+    SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", token_urlsafe(50))
     WSGI_APPLICATION = "tdpservice.wsgi.application"
     CORS_ORIGIN_ALLOW_ALL = True