alphagov · sengi · Feb 21, 2024 · Feb 20, 2024 · Feb 20, 2024 · Feb 20, 2024
diff --git a/data/repos.yml b/data/repos.yml
@@ -731,9 +731,8 @@
 
 - repo_name: govuk-secrets
   private_repo: true
-  team: "#govuk-platform-security-reliability-team"
   type: Utilities
-  sentry_url: false
+  retired: true
 
 - repo_name: govuk-sentry-monitor
   team: "#govuk-platform-security-reliability-team"

diff --git a/source/manual/add-authentication-to-an-application.html.md b/source/manual/add-authentication-to-an-application.html.md
diff --git a/source/manual/alerts/publisher-unprocessed-fact-check-emails.html.md b/source/manual/alerts/publisher-unprocessed-fact-check-emails.html.md
@@ -28,25 +28,10 @@ The current email addresses used for the fact checking process are:
 - govuk-fact-check-staging@digital.cabinet-office.gov.uk
 - govuk-fact-check-integration@digital.cabinet-office.gov.uk
 
-#### Retrieving credentials
-
-The passwords for the @digital.cabinet-office.gov.uk addresses are found in
-[govuk-secrets]:
-
-[govuk-secrets]: https://github.com/alphagov/govuk-secrets
-
-```sh
-PASSWORD_STORE_DIR=~/govuk/govuk-secrets/pass/2ndline pass google-accounts/govuk-fact-check@digital.cabinet-office.gov.uk
-```
-
-Or by logging into the Publisher console:
+### Retrieve the mailbox credentials from the app
 
 ```sh
-$ gds govuk connect app-console -e production publisher
-```
-
-```ruby
-> Publisher::Application.mail_fetcher_config
+echo 'Publisher::Application.mail_fetcher_config' | k exec -i deploy/publisher -- rails c
 ```
 
 ### Investigate the unprocessed emails

diff --git a/source/manual/amazonmq.html.md b/source/manual/amazonmq.html.md
@@ -16,7 +16,7 @@ Protocol][AMQP] (AMQP). Publishing's RabbitMQ cluster is provided by AWS' [Amazo
 Run `gds govuk connect amazonmq -e integration` and point your
 browser at the URL it gives you - it will look like <http://127.0.0.1:45612>, but will have a random port number. You can connect to `staging` and `production` the same way, just replace `integration` above with the environment of your choice.
 
-The username is `root` and the passwords for each environment are in the [pass](https://github.com/alphagov/govuk-secrets/tree/main/pass) password store under `amazonmq`.
+The username is `root` and the passwords for each environment are in `2ndline/publishing-amazonmq` in [Secrets Manager](secrets-manager.html) in the **production** AWS account.
 
 ## AmazonMQ metrics
 

diff --git a/source/manual/data-gov-uk-contracts-archive.html.md b/source/manual/data-gov-uk-contracts-archive.html.md
@@ -8,143 +8,3 @@ parent: "/manual.html"
 ---
 
 > This service is no longer available and was superseded by a new [Contracts Finder](https://www.gov.uk/contracts-finder) designed and operated by the Crown Commercial Service.
-
-## Application
-
-Visit the [contracts archive finder](https://data.gov.uk/data/contracts-finder-archive).
-
-### Finding the IP address of the machine
-
-Credentials for the AWS account are in the `govuk-secrets` repository under
-`2ndline/datagovuk/contracts-finder-archive-aws-console-pass`.
-
-Once logged in to the AWS console, you'll be able to list the EC2 instances and
-find the IP of the contracts archive finder.
-
-### SSH'ing onto the machine
-
-<a name="ssh-instructions"></a>
-
-If you need to `ssh` on to the machine, you can do so by grabbing the private
-key from `govuk-secrets` under
-`2ndline/datagovuk/contracts-finder-archive-cert`.
-
-You will need to put the private key into a file and change the permissions so
-it is not publicly viewable before you can use it.
-
-You can do this as follows:
-
-```sh
-$ cd ~/govuk/govuk-secrets
-$ PASSWORD_STORE_DIR=~/govuk/govuk-secrets/pass/2ndline pass datagovuk/contracts-finder-archive-cert > govuk-contracts-archive.pem
-$ chmod 400 govuk-contracts-archive.pem
-```
-
-You will then be able to `ssh` onto the machine in AWS by using the `.pem`
-file:
-
-```sh
-$ ssh -i "govuk-contracts-archive.pem" ubuntu@<ip address>
-```
-
-## Historical data
-
-### Snapshot
-
-There is a point in time snapshot of the contracts archive finder, should you
-need to access older log files.
-
-This is setup on the same AWS account as an EC2 instance called
-`2019-contracts-archive`. To access this machine, use the same certificate as
-above and `ssh` in as follows:
-
-```sh
-$ ssh -i "govuk-contracts-archive.pem" ubuntu@<ip address>
-```
-
-This machine includes Nginx logs from two periods:
-
-* June 9 to June 26 2018 - available at `/mount-old-arch/var/log/nginx`
-* March 9 to March 19 2019 - available at `/var/log/nginx`
-
-The machine was created from two snapshots that are sitting in the AWS account.
-These have the following descriptions:
-
-* contract-finder (started June 26 2018)
-* snapshot_contracts_20190319 (started March 19 2019)
-
-### On data.gov.uk
-
-A database of the contracts archive is also accessible in a SQLite database on
-this [dataset on data.gov.uk][dataset].
-
-[dataset]: https://data.gov.uk/dataset/97c75a0c-dd9b-42f9-969c-5e667d8c80f1/contracts-finder-archive-2011-to-2015
-
-## Takedown and text change requests
-
-### Authorise the request
-
-Respond to the user's Zendesk ticket, saying that we're processing the request.
-Change priority to Low and leave a message for the product owners that this ticket
-requires authorisation. When they have checked the validity of the request, they'll
-leave a comment in the ticket and move it to the relevant priority queue for the
-Technical 2nd Line developers to process.
-
-### Process the request
-
-#### Text change
-
-To change the text inside a contract, e.g. to remove company details from the actual
-contract entry, you'd [SSH onto the contracts archive machine](#ssh-instructions),
-then open SQLite:
-
-```sh
-sqlite3 ~/src/contracts-archive/instance/app.db
-```
-
-Find out the `award_id`:
-
-```sql
-select * from award_detail where business_name like "%word%";
-```
-
-Then for each `award_id`:
-
-```
-UPDATE award_detail set business_name = 'Redacted', business_address = 'Redacted' WHERE award_id = xxxxxx;
-```
-
-Note that a reindex is _not_ necessary.
-
-#### Takedown
-
-To take down a contract, [SSH onto the contracts archive machine](#ssh-instructions)
-and then move the relevant contract attachments to the redacted folder.
-
-Contracts are located on the machine at
-`~/src/contracts-archive/instance/documents`. Find the directory for the
-contract you are trying to redact. It will be
-`~/src/contracts-archive/instance/documents/<contract_id>`.
-
-For example if the contract id is `12345` then you will find all the files
-under the directory `~/src/contracts-archive/instance/documents/12345`.
-
-Create a new directory in `~/src/contracts-archive/instance/redacted`. Name the
-directory the same as the contract id.
-
-Move all the files from the `documents/<contract_id>` into the
-`redacted/<contract_id>` folder.
-
-Note that this method will remove the downloadable attachments, but leave the
-contract page available to view on the website. This is fine. You can confirm
-that you've redacted the documents by navigating to the contract in the
-contracts archive finder application and clicking on the download links for
-each attachment. It should return a 404 Not Found. This may require adding a
-cachebust string to the download URL.
-
-You should also remove it from Google cache (this will only work once we've
-reinstated the using this page:
-
-<https://www.google.com/webmasters/tools/url-removal?hl=en&siteUrl=https://data.gov.uk>
-
-Click “Temporarily Hide” and provide the URL and then Submit.
diff --git a/source/manual/govuk-notify.html.md b/source/manual/govuk-notify.html.md
@@ -56,11 +56,9 @@ for each environment):
 
 **[👉 Sign in to the GOV.UK Notify dashboard](https://www.notifications.service.gov.uk/sign-in)**
 
-You can either use your own credentials (if you have them) or you can use the
-credentials in [govuk-secrets][] (found in the `govuk-notify/2nd-line-support`
-entry).
-
-[govuk-secrets]: https://github.com/alphagov/govuk-secrets
+Use your own account if you have one, otherwise you can use the shared
+credentials under `2ndline/notify` in [Secrets Manager](secrets-manager.html)
+if necessary.
 
 ## Receiving emails from GOV.UK Notify
 

diff --git a/source/manual/on-call.html.md b/source/manual/on-call.html.md
@@ -147,8 +147,6 @@ support (assuming everything is working).
 
 [So, you're having an incident]: /manual/incident-what-to-do.html
 [docs]: https://github.com/alphagov/govuk-developer-docs/
-[govuk-secrets]: https://github.com/alphagov/govuk-secrets/
-[vcloud]: connect-to-vcloud-director.html
 [payment claim form]: https://forms.gle/yvPoANwrsHz8SrL4A
 [access AWS]: /manual/get-started.html#sign-in-to-aws
 [access GCP]: /manual/google-cloud-platform-gcp.html
diff --git a/source/manual/pingdom.html.md b/source/manual/pingdom.html.md
@@ -14,7 +14,7 @@ Pingdom operates by making pre-defined requests at a regular interval (typically
 
 ## Access Pingdom
 
-GOV.UK account credentials for Pingdom are available in [govuk-secrets](https://github.com/alphagov/govuk-secrets) via the [Technical 2nd Line password store](https://github.com/alphagov/govuk-secrets/tree/master/pass) under `monitoring/pingdom`.
+Login credentials for Pingdom are under `2ndline/pingdom` in [Secrets Manager](secrets-manager.html).
 
 ## Add a Pingdom check