From 558d4634d07454691489dbc6ffd292e0337c2f98 Mon Sep 17 00:00:00 2001
From: Rajesh Kumaravel <rajesh.kumaravel@tarento.com>
Date: Wed, 13 Jan 2021 17:52:52 +0530
Subject: [PATCH] Issue #SB-22354 fix: Added env variable for portal session
 secret key (#2157)

* Issue #SB-20650 fix: Added anonymous user TTL value

* Issue #SB-20650 fix: Updated anonymous user TTL to 30 minutes

* Issue #SB-22354 fix: Added env variable for API whitelist flag

* Issue #SB-22354 fix: Added env variable for portal session secret key
---
 ansible/roles/stack-sunbird/templates/sunbird_player.env | 6 ++++++
 private_repo/ansible/inventory/dev/Core/secrets.yml      | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/ansible/roles/stack-sunbird/templates/sunbird_player.env b/ansible/roles/stack-sunbird/templates/sunbird_player.env
index 5270de2f1..058f5ceb8 100644
--- a/ansible/roles/stack-sunbird/templates/sunbird_player.env
+++ b/ansible/roles/stack-sunbird/templates/sunbird_player.env
@@ -147,3 +147,9 @@ sunbird_anonymous_session_ttl={{sunbird_anonymous_session_ttl|default(1800000)}}
 
 # api whitelisting for sunbird portal
 sunbird_enable_api_whitelist={{sunbird_enable_api_whitelist|default('true')}}
+
+# sunbird session secret key
+# Changing the secret value will invalidate all existing sessions.
+# In order to rotate the secret without invalidating sessions, provide an array of secrets,
+# with the new secret as first element of the array, and followed by previous secrets.
+sunbird_portal_session_secret={{sunbird_portal_session_secret}}
\ No newline at end of file
diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml
index 3a80841d6..199c25f91 100644
--- a/private_repo/ansible/inventory/dev/Core/secrets.yml
+++ b/private_repo/ansible/inventory/dev/Core/secrets.yml
@@ -115,5 +115,11 @@ core_vault_kibana_google_client_id:
 core_vault_kibana_google_client_secret: 
 core_vault_kibana_cookie_secret: kibanaoauth # Cookie secret for kibana Oauth
 
+# sunbird session secret key
+# Changing the secret value will invalidate all existing sessions.
+# In order to rotate the secret without invalidating sessions, provide an array of secrets,
+# with the new secret as first element of the array, and followed by previous secrets.
+sunbird_portal_session_secret:
+
 # !!!!! DO NOT UPDATE VARS BELOW THIS !!!
 # ***************************************************************************** #
-- 
GitLab