Skip to content

refactor: move ZeroSSL certificate IDs from AWS SSM to local config #721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: v1.0-dev
Choose a base branch
from
Open

refactor: move ZeroSSL certificate IDs from AWS SSM to local config #721

wants to merge 3 commits into from

Conversation

@ktechmidas
Copy link
Contributor

Issue being fixed or feature implemented

ZeroSSL certificate IDs were unnecessarily stored in AWS SSM Parameter Store, adding complexity and AWS dependencies for
non-sensitive data. Certificate IDs are public identifiers that don't require secure storage, unlike API keys which should remain
secret.

What was done?

  • Extracted ZeroSSL certificate IDs from AWS SSM and added them directly to testnet.yml under each HP masternode configuration
  • Simplified the dashmate ZeroSSL role by removing all AWS SSM lookups and updates for certificate IDs
  • Maintained backwards compatibility - self-signed certificates for other networks (mainnet-support, devnet) remain unchanged
  • Added robust error handling for networks without hp_masternodes or certificate IDs defined

Key changes:

  • Modified ansible/roles/dashmate/tasks/ssl/zerossl.yml to read certificate IDs from local hp_masternodes config instead of AWS SSM
  • Updated networks/testnet.yml with certificate IDs for all HP masternodes (except hp-masternode-2 which has no certificate)
  • Removed complex fallback logic and AWS dependencies from certificate management

How Has This Been Tested?

  • Verified certificate ID extraction from AWS SSM for all testnet HP masternodes
  • Tested variable access patterns using test playbooks to ensure hp_masternodes[inventory_hostname]['zerossl_certificate_id'] works
    correctly
  • Validated different network scenarios:
    • Testnet with certificate IDs → uses ZeroSSL with local config
    • Mainnet-support without certificate IDs → uses self-signed certificates (unchanged)
    • Networks without hp_masternodes defined → gracefully handles missing data
  • Confirmed SSL provider logic remains intact (zerossl for testnet, self-signed default for others)

Breaking Changes

None. This change is backwards compatible:

  • Networks using self-signed certificates continue to work unchanged
  • ZeroSSL functionality is preserved, just sourced from local config instead of AWS SSM
  • All existing deployment workflows remain functional

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have made corresponding changes to the documentation

For repository code-owners and collaborators only

  • I have assigned this pull request to a milestone

vivekgsharma
vivekgsharma approved these changes Jun 18, 2025
View reviewed changes
Copy link
Collaborator

@vivekgsharma vivekgsharma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vivekgsharma vivekgsharma vivekgsharma approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ktechmidas @vivekgsharma