From 3f5bab85c92ae1d224240970d02982847c28fd5c Mon Sep 17 00:00:00 2001
From: Stefan Heinemann <stefan.heinemann@swisstopo.ch>
Date: Tue, 1 Oct 2024 13:32:01 +0200
Subject: [PATCH] PB-950 Switch to using ssm params

---
 README.md   |  7 ++++---
 secrets.yml | 20 +++++++++++---------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index a3a4013d..42b0920a 100644
--- a/README.md
+++ b/README.md
@@ -431,11 +431,12 @@ With the following commands it is possible to get a proper state of the database
 ## Initial Setup up the RDS database and the user
 
 Right now the initial setup on the RDS database for the stagings *dev*, *int* and *prod* can be obtained
-with the helper script `scripts/setup_rds_db.sh`. The credentials come from `gopass`. To
-setup the RDS database on int, run following command:
+with the helper script `scripts/setup_rds_db.sh`. The credentials come from `ssm`. To
+setup the RDS database on int, run following command (the PROFILE variable denotes in what account the
+parameters are stored):
 
 ```bash
-    summon -p `which summon-gopass` -D APP_ENV=int scripts/setup_rds_db.sh
+    summon -p `ssm` -D APP_ENV=int -D PROFILE=swisstopo-bgdi-dev scripts/setup_rds_db.sh
 ```
 
 **Note:** The script won't delete the existing database.
diff --git a/secrets.yml b/secrets.yml
index d1785ed4..ddf116a8 100644
--- a/secrets.yml
+++ b/secrets.yml
@@ -1,9 +1,11 @@
-DB_HOST: !var infra-gopass-bgdi/service-stac/$APP_ENV/db/service_stac_admin_$APP_ENV host
-DB_NAME: !var infra-gopass-bgdi/service-stac/$APP_ENV/db/service_stac_admin_$APP_ENV name
-DB_PORT: !var infra-gopass-bgdi/service-stac/$APP_ENV/db/service_stac_admin_$APP_ENV port
-DB_USER: !var infra-gopass-bgdi/service-stac/$APP_ENV/db/service_stac_admin_$APP_ENV user
-DB_PW: !var infra-gopass-bgdi/service-stac/$APP_ENV/db/service_stac_admin_$APP_ENV password
-DB_SUPER_USER: !var infra-gopass-bgdi/rds/bgdi-$APP_ENV/postgres user
-DB_SUPER_PW: !var infra-gopass-bgdi/rds/bgdi-$APP_ENV/postgres password
-AWS_ACCESS_KEY_ID: !var infra-gopass-bgdi/service-stac/$APP_ENV/s3/service-stac-tech-$APP_ENV key
-AWS_SECRET_ACCESS_KEY: !var infra-gopass-bgdi/service-stac/$APP_ENV/s3/service-stac-tech-$APP_ENV secret
\ No newline at end of file
+DB_NAME: !var /amazon-rds/$APP_ENV/service-stac/db_name --profile $PROFILE
+DB_USER: !var /amazon-rds/$APP_ENV/service-stac/user --profile $PROFILE
+DB_PW: !var /amazon-rds/$APP_ENV/service-stac/password --profile $PROFILE
+
+AWS_ACCESS_KEY_ID: !var /service-stac/$APP_ENV/aws_access_key_id --profile $PROFILE
+AWS_SECRET_ACCESS_KEY: !var /service-stac/$APP_ENV/aws_secret_access_key --profile $PROFILE
+
+DB_HOST: !var /amazon-rds/$APP_ENV/host/domain --profile $PROFILE
+DB_PORT: !var /amazon-rds/$APP_ENV/host/port --profile $PROFILE
+DB_SUPER_USER: !var /amazon-rds/$APP_ENV/admin/user --profile $PROFILE
+DB_SUPER_PW: !var /amazon-rds/$APP_ENV/admin/password --profile $PROFILE