Create and manage application secrets

Encrypt sensitive config values using Jenkins. No need to raise a SUP request.

Use the create-app-config-secret Jenkins job to encrypt and manage application secrets for your service.

This process does not require a SUP to be raised with the Build and Deploy team.

Before you begin

If you are encrypting third-party tokens (such as EIS or DES), you must use Jenkins on a secure Stride machine and access your hmrc.gov.uk email to retrieve the credentials.

If your team does not have a Stride machine, contact your Centre Tech Lead.

Update the configuration

  1. Log in to Jenkins using your LDAP credentials.
  2. Select Build with Parameters.
  3. Select your environment.
  4. Select your config_item_type.
  5. Enter the config item name.
  6. Enter your secret value:
    • It must not contain spaces, double quotes, single quotes, or asterisks.
  7. Enter your service name.
  8. Click Build.
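
A local pre-check for the character rule in step 6, as an added example that is not part of the original page or the Jenkins job itself. The function names are hypothetical, and rejecting an empty value is an assumption; run it on the same machine where you will enter the secret.

```python
import getpass
import sys

# Characters the page says a secret value must not contain.
DISALLOWED = {
    " ": "space",
    '"': "double quote",
    "'": "single quote",
    "*": "asterisk",
}


def disallowed_found(value: str) -> dict[str, int]:
    """Return {character name: count} for each disallowed character present."""
    found: dict[str, int] = {}
    for ch in value:
        name = DISALLOWED.get(ch)
        if name is not None:
            found[name] = found.get(name, 0) + 1
    return found


def check_secret(value: str) -> list[str]:
    """Return a list of problems; an empty list means the value passes.

    Messages name the character class and count only, never the value or
    its positions, so the output is safe to leave in terminal scrollback.
    """
    if value == "":
        return ["value is empty"]  # assumption: empty values are not intended
    return [
        f"contains {count} x {name}"
        for name, count in sorted(disallowed_found(value).items())
    ]


def main() -> int:
    # getpass reads without echo and keeps the value out of shell history
    # and the process argument list.
    value = getpass.getpass("Secret value to check (input hidden): ")
    problems = check_secret(value)
    for problem in problems:
        print(f"REJECT: {problem}", file=sys.stderr)
    if not problems:
        print("OK: no spaces, quotes or asterisks found")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main())
```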

Run the job and merge the PR

  1. Wait for the Jenkins job to complete.
  2. Click the green tick next to the job ID.
  3. Check GitHub for:
    • A new branch named app-config-[environment]
    • An automatic PR
  4. Merge the PR immediately.
  5. Deploy the microservice to the correct environment.

Need support?

Contact #team-build-and-deploy or the security team on Slack.
