How are the secrets generated in the Reference Architecture?
I’m recreating one of the accounts. I see that secret names are hardcoded in `var/autogen/dev_vars.yaml`. But I don’t see how these secrets are created. It is said that the value files are generated from a template. Is there a simple way to regenerate secrets?
The Reference Architecture generates the following secrets, all of which are specific to the sample app:

- **RDS Database config**: a JSON structure containing the database engine, port, username, and password information. The password is a random 32-character string. You can use any process to generate this. Once the password is generated, you can encode the information in the following JSON, and then upload it to Secrets Manager:

  ```
  {
    "engine": "mysql",
    "port": 3306,
    "username": "USERNAME",
    "password": "PASSWORD",
    "dbname": "DATABASE"
  }
  ```

- **TLS secrets**: a JSON structure containing a self-signed TLS certificate. You can use any process to generate the self-signed TLS certificates. If you would like a streamlined process, you can use the [tls-scripts](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/master/modules/tls-scripts) module in the Service Catalog. Note that the sample app expects two sets of self-signed certificates: one for the backend, and another for the frontend. Once the self-signed certificates are generated, you can encode them in the following way for the sample apps:

  _frontend_

  ```
  {
    "app": {
      "ca": "RAW_PUBLIC_CERT_KEY_OF_FRONTEND_CA",
      "crt": "RAW_PUBLIC_CERT_KEY_OF_SELF_SIGNED_CERT_FOR_FRONTEND",
      "key": "RAW_PRIVATE_CERT_KEY_OF_SELF_SIGNED_CERT_FOR_FRONTEND"
    },
    "services": {
      "backend": "RAW_PUBLIC_CERT_KEY_OF_BACKEND_CA"
    }
  }
  ```

  _backend_

  ```
  {
    "app": {
      "ca": "RAW_PUBLIC_CERT_KEY_OF_BACKEND_CA",
      "crt": "RAW_PUBLIC_CERT_KEY_OF_SELF_SIGNED_CERT_FOR_BACKEND",
      "key": "RAW_PRIVATE_CERT_KEY_OF_SELF_SIGNED_CERT_FOR_BACKEND"
    }
  }
  ```

---

Side note: At this time, we are not granting access to the `terraform-aws-architecture-catalog` where the templates for the Reference Architecture are hosted, and thus you will not be able to use the autogen vars directly to create a new environment.
Please refer to [the reference architecture docs on adding a new account](https://github.com/gruntwork-io/terraform-aws-service-catalog/blob/master/examples/for-production/infrastructure-live/docs/06-adding-a-new-account.md) for instructions on how to do this without the templates.
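
The following is an added example, not part of the original answer and not Gruntwork's own code. It builds the three JSON payloads described in the answer and rejects a private key pasted into a certificate field before anything is uploaded. The function names, the alphanumeric password alphabet and the PEM placeholders are assumptions; the secret name passed to `upload` should be whatever your own `dev_vars.yaml` expects.

```python
import json
import secrets
import string

# Letters and digits only: RDS rejects '/', '@', '"' and spaces in master passwords.
ALPHABET = string.ascii_letters + string.digits

# Constructed placeholders, not real key material.
FAKE_CERT = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
FAKE_KEY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"


def rds_secret(username, dbname, engine="mysql", port=3306):
    """Build the RDS config JSON with a fresh random 32-character password."""
    password = "".join(secrets.choice(ALPHABET) for _ in range(32))
    return json.dumps({"engine": engine, "port": port, "username": username,
                       "password": password, "dbname": dbname})


def _pem(value, field, private=False):
    """Reject a private key in a certificate field, or a certificate in the key field."""
    has_key = "PRIVATE KEY-----" in value
    has_cert = "-----BEGIN CERTIFICATE-----" in value
    if private != has_key or private == has_cert:
        kind = "private key" if private else "certificate"
        raise ValueError(f"{field}: expected a PEM {kind}")
    return value


def tls_secret(ca, crt, key, trusted_services=None):
    """Build the sample app TLS JSON; trusted_services maps service name to CA cert."""
    doc = {"app": {"ca": _pem(ca, "app.ca"), "crt": _pem(crt, "app.crt"),
                   "key": _pem(key, "app.key", private=True)}}
    if trusted_services:  # frontend only: the CA it uses to verify the backend
        doc["services"] = {name: _pem(pem, f"services.{name}")
                           for name, pem in trusted_services.items()}
    return json.dumps(doc)


def upload(name, secret_string, region):
    """Create the secret in AWS Secrets Manager (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the builders above work without it
    client = boto3.client("secretsmanager", region_name=region)
    return client.create_secret(Name=name, SecretString=secret_string)["ARN"]
```

For the frontend secret, pass the backend CA as `trusted_services={"backend": backend_ca_pem}`; the backend secret is built without `trusted_services`.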