AppDev

Application development

Articles

Architecture

• Identity Verification FlowPolicy
  FlowPolicy is a lightweight structure used to manage dependencies between Identity Verification steps

• Identity Verification Rate Limiting
  Rate limits in identity verification

Deploying

• Deploy Schedule for Automated Deploys
  The daily deploy schedule for IDP, PKI and Dashboard in lower environments

• Deploying new IDP and PKI code
  Release Manager’s Guide for Production

• Deploying the Sample Apps
  How to deploy oidc-sinatra and saml-sinatra to cloud.gov

Development

• How to Manage the 50/50 State
  During deploys, both new and old instances are serving requests. This is called the 50/50 state and requires careful management when changing code that is used across instances.

• Identity Proofing Testing
  Tips and tricks for testing identity proofing (IAL2 accounts) including example fake phone numbers and example PII

• SAML: Development
  High-level overview of the flow of SAML in the IDP code

• Secrets and Configuration
  How to update IDP and Rails app configuration (feature flags) and secrets application.yml, and how to use the app-s3-secret script

• Testing vendor APIs with live credentials
  Best practices for testing with sensitive keys

Oncall

• AppDev Oncall
  Responsibilities and runbook for AppDev oncall

• Bug Bounty Triage
  How to handle bug bounty reports

• Deployer Rotation
  Spreadsheet to track the AppDev Deployer

• Team Daytime Oncall
  Responsibilities for individual team daytime oncall

Setup

• Windows Virtual Machine Setup
  Setting up a Windows VM on your Mac so you can test Internet Explorer

Tasks

• Contact Form Updating Instructions
  Procedure for updating fields in the Help Center’s Contact Form

• Key rotation guide
  Guide for rotating secrets for the IdP and PKI codebases

• SAML: Annual Certificate Rotation
  How to perform annual certificate rotation

• Translation process
  Process and guidelines for localization and string translation (i18n)

• Updating MaxMind GeoIP database
  Instructions for updating our IP address geolocation database

• Updating Pwned Passwords Dataset
  Instructions for updating Pwned Passwords dataset in s3

X509 and PIV/CAC Certificates

• OpenSSL Command Line Recipes
  Commands for common certificate tasks, useful for PIV/CAC or AAMVA credentials

• Troubleshooting PIV/CAC logins and Managing Certificates
  If somebody has trouble using their PIV/CAC with Login.gov, and also how to download new certificates from Certificate Authorities

• Troubleshooting expiring PIV/CAC certs
  Guide on finding new certs if a cert is expiring

Other Articles

• Cloudwatch Dashboards
  How to search for, create, and manage cloudwatch dashboards

• Device profiling and fraud detection
  Information about configuring and testing device profiling and fraud detection

• Engineering Design Doc Template (deprecated)
  Template that can be copied for engineering proposals

• Environment Descriptions
  Listing of environments and the differences between them, like prod, pt, dm, int or dev

• IAL2 Common Errors List
  List of the most common IAL2 errors

• Triage User Issues
  Rails console scripts and Cloudwatch queries, for debugging the IDP

• Troubleshooting the Sandbox
  Troubleshooting issues with the Login.gov sandbox/int environment