feature(document-archiving): deploy to core QA. PIN-7642

commons/qa/configmaps/feature-flags-configmap.yaml

@@ -8,11 +8,11 @@ data:
   FEATURE_FLAG_ADMIN_CLIENT: "true"
   FEATURE_FLAG_SIGNALHUB_WHITELIST: "false"
   FEATURE_FLAG_AGREEMENT_APPROVAL_POLICY_UPDATE: "true"
-  FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER: "true"
+  FEATURE_FLAG_AGREEMENTS_CONTRACT_BUILDER: "false"
   FEATURE_FLAG_CLIENT_ASSERTION_STRICT_CLAIMS_VALIDATION: "true"
-  FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER: "true"
+  FEATURE_FLAG_DELEGATIONS_CONTRACT_BUILDER: "false"
   FEATURE_FLAG_IMPROVED_PRODUCER_VERIFICATION_CLAIMS: "true"
   FEATURE_FLAG_NOTIFICATION_CONFIG: "false"
   FEATURE_FLAG_PURPOSE_TEMPLATE: "true"
-  FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "true"
+  FEATURE_FLAG_PURPOSES_CONTRACT_BUILDER: "false"
   FEATURE_FLAG_ESERVICE_PERSONAL_DATA: "true"

commons/qa/configmaps/flyway-readmodel-agreement-configmap.yaml

@@ -153,4 +153,8 @@ data:
     GRANT SELECT ON TABLE "${NAMESPACE}_agreement".agreement_signed_contract TO "${NAMESPACE}_notification_email_sender_user";
     GRANT SELECT ON TABLE "${NAMESPACE}_agreement".agreement_signed_contract TO "${NAMESPACE}_token_generation_readmodel_checker_user";
     GRANT SELECT ON TABLE "${NAMESPACE}_agreement".agreement_signed_contract TO "${NAMESPACE}_purpose_template_process_user";
+
+  V1.4__Grant_Access_DocumentsGenerator_Agreement.sql: |-
+    GRANT USAGE ON SCHEMA "${NAMESPACE}_agreement" to "${NAMESPACE}_documents_generator_user";
+    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_agreement" TO "${NAMESPACE}_documents_generator_user";
 

commons/qa/configmaps/flyway-readmodel-attribute-registry-configmap.yaml

@@ -52,4 +52,8 @@ data:
 
   V1.2__Grant_Access_PurposeTemplateProcess_Attribute.sql: |-
     GRANT USAGE ON SCHEMA "${NAMESPACE}_attribute" to "${NAMESPACE}_purpose_template_process_user";
-    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_purpose_template_process_user";
+    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_purpose_template_process_user";
+
+  V1.3__Grant_Access_DocumentsGenerator_Attribute.sql: |-
+    GRANT USAGE ON SCHEMA "${NAMESPACE}_attribute" to "${NAMESPACE}_documents_generator_user";
+    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_attribute" TO "${NAMESPACE}_documents_generator_user";

commons/qa/configmaps/flyway-readmodel-catalog-configmap.yaml

@@ -209,4 +209,8 @@ data:
 
   V1.3__Grant_Access_PurposeTemplateProcess_Catalog.sql: |-
     GRANT USAGE ON SCHEMA "${NAMESPACE}_catalog" to "${NAMESPACE}_purpose_template_process_user";
-    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_catalog" TO "${NAMESPACE}_purpose_template_process_user";
+    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_catalog" TO "${NAMESPACE}_purpose_template_process_user";
+
+  V1.4__Grant_Access_DocumentsGenerator_Catalog.sql: |-
+    GRANT USAGE ON SCHEMA "${NAMESPACE}_catalog" to "${NAMESPACE}_documents_generator_user";
+    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_catalog" TO "${NAMESPACE}_documents_generator_user";

commons/qa/configmaps/flyway-readmodel-delegation-configmap.yaml

@@ -107,3 +107,7 @@ data:
     GRANT SELECT ON TABLE "${NAMESPACE}_delegation".delegation_signed_contract_document TO "${NAMESPACE}_tenant_process_user";
     GRANT SELECT ON TABLE "${NAMESPACE}_delegation".delegation_signed_contract_document TO "${NAMESPACE}_datalake_data_export_user";
     GRANT SELECT ON TABLE "${NAMESPACE}_delegation".delegation_signed_contract_document TO "${NAMESPACE}_purpose_template_process_user";
+
+  V1.4__Grant_Access_DocumentsGenerator_Delegation.sql: |-
+    GRANT USAGE ON SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_documents_generator_user";    
+    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_delegation" TO "${NAMESPACE}_documents_generator_user";

commons/qa/configmaps/flyway-readmodel-tenant-configmap.yaml

@@ -188,4 +188,8 @@ data:
 
   V1.2__Grant_Access_PurposeTemplateProcess_Tenant.sql: |-
     GRANT USAGE ON SCHEMA "${NAMESPACE}_tenant" to "${NAMESPACE}_purpose_template_process_user";
-    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_purpose_template_process_user";
+    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_purpose_template_process_user";
+
+  V1.3__Grant_Access_DocumentsGenerator_Tenant.sql: |-
+    GRANT USAGE ON SCHEMA "${NAMESPACE}_tenant" to "${NAMESPACE}_documents_generator_user";
+    GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_tenant" TO "${NAMESPACE}_documents_generator_user";

commons/qa/configmaps/safe-storage-configmap.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: common-safe-storage
+  namespace: qa
+data:
+  BASE_URL: "http://vpce-0f17b997ad7e109cd-qh68uzeo.vpce-svc-075ebde4859d4c631.eu-south-1.vpce.amazonaws.com:8080"
+  DOC_TYPE: "INTEROP_LEGAL_FACTS"
+  DOC_STATUS: "SAVED"
+  LIVE_REQUESTS_DYNAMO_TABLE_NAME: "interop-safe-storage-signature-tracking-qa"

commons/qa/images.yaml

@@ -18,6 +18,8 @@ images:
       tag: "2.9.0-RC4"
     attribute-registry-readmodel-writer-sql:
       tag: "2.9.0-RC4"
+    audit-signer:
+      tag: "TBD"
     authorization-management:
       tag: "1.0.18"
     authorization-platformstate-writer:
@@ -64,6 +66,10 @@ images:
       tag: "2.9.0-RC4"
     delegation-readmodel-writer-sql:
       tag: "2.9.0-RC4"
+    documents-generator:
+      tag: "TBD"
+    documents-signer:
+      tag: "TBD"
     eservice-descriptors-archiver:
       tag: "2.9.0-RC4"
     eservice-template-instances-updater:
@@ -74,6 +80,8 @@ images:
       tag: "2.9.0-RC4"
     eservice-template-readmodel-writer-sql:
       tag: "2.9.0-RC4"
+    events-signer:
+      tag: "TBD"
     frontend:
       tag: "1.4.0-RC5"
     key-readmodel-writer:
@@ -120,6 +128,8 @@ images:
       tag: "2.9.0-RC4"
     ses-mock:
       tag: "20"
+    signed-objects-persister:
+      tag: "TBD"
     smtp-mock:
       tag: "1.10.4"
     tenant-outbound-writer:

commons/qa/values-microservice.yaml

@@ -28,6 +28,8 @@ local:
     RSA_KEYS_IDENTIFIERS: "17d3f3c0-5730-45a9-be8a-655e77bf3555"
     DEV_ENDPOINTS_ENABLED: "true"
     ENABLED_PROJECTIONS: "false"
+  awsAccountId: "755649575658"
+  env: "qa"
 
 autoscaling:
   keda:

microservices/audit-signer/qa/values.yaml

@@ -0,0 +1,30 @@
+name: interop-be-audit-signer
+techStack: nodejs
+
+serviceAccount:
+  roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-audit-signer-{{.Values.local.env}}-es1"
+
+service:
+  create: false
+
+configmap:
+  SERVICE_NAME: "audit-signer"
+  SQS_MAX_NUMBER_OF_MSGS: "5"
+  SQS_LONG_POLL_WAIT_TIME_SECONDS: "20"
+  SQS_VISIBILITY_TIMEOUT_SECONDS: "20"
+  S3_BUCKET: "interop-generated-jwt-details-{{.Values.local.env}}-es1"
+  SQS_URL: "https://sqs.eu-south-1.amazonaws.com/{{.Values.local.awsAccountId}}/interop-jwt-details-new-s3-object-{{.Values.namespace}}"
+  SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-audit-signer"
+
+deployment:
+  envFromConfigmaps:
+    SAFE_STORAGE_BASE_URL: "common-safe-storage.BASE_URL"
+    SAFE_STORAGE_DOC_TYPE: "common-safe-storage.DOC_TYPE"
+    SAFE_STORAGE_DOC_STATUS: "common-safe-storage.DOC_STATUS"
+    SIGNATURE_REFERENCES_TABLE_NAME: "common-safe-storage.LIVE_REQUESTS_DYNAMO_TABLE_NAME"
+
+  envFromSecrets:
+    SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password"
+
+  envFromFieldRef:
+    AWS_ROLE_SESSION_NAME: "metadata.name"

microservices/backend-for-frontend/qa/values.yaml

@@ -26,11 +26,11 @@ configmap:
   INTERNAL_JWT_SUBJECT: "{{.Values.namespace}}.interop-m2m"
   INTERNAL_JWT_AUDIENCE: "{{.Values.namespace}}.interop.pagopa.it/internal"
   INTERNAL_JWT_SECONDS_DURATION: "3600"
-  CONSUMER_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1"
+  CONSUMER_DOCUMENTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1"
   CONSUMER_DOCUMENTS_PATH: "{{.Values.namespace}}/agreement/consumer-docs"
   ESERVICE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1"
   ESERVICE_DOCUMENTS_PATH: "eservices/docs"
-  RISK_ANALYSIS_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1"
+  RISK_ANALYSIS_DOCUMENTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1"
   RISK_ANALYSIS_DOCUMENTS_PATH: "{{.Values.namespace}}/risk-analysis/docs"
   PURPOSE_TEMPLATE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1"
   PURPOSE_TEMPLATE_DOCUMENTS_PATH: "{{.Values.namespace}}/purpose-template/docs"
@@ -61,7 +61,7 @@ configmap:
   PRESIGNED_URL_PUT_DURATION_MINUTES: "2"
   PAGOPA_TENANT_ID: "69e2865e-65ab-4e48-a638-2037a9ee2ee7"
   INTEROP_SELFCARE_PRODUCT_NAME: "prod-interop-coll"
-  DELEGATION_CONTRACTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1"
+  DELEGATION_CONTRACTS_CONTAINER: "interop-signed-application-documents-{{.Values.namespace}}-es1"
   ESERVICE_TEMPLATE_DOCUMENTS_CONTAINER: "interop-application-documents-{{.Values.namespace}}-es1"
   ESERVICE_TEMPLATE_DOCUMENTS_PATH: "eservice-template/docs"
   BFF_SWAGGER_UI_ENABLED: true

microservices/documents-generator/qa/values.yaml

@@ -0,0 +1,58 @@
+name: interop-be-documents-generator
+techStack: nodejs
+
+serviceAccount:
+  roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-documents-generator-{{.Values.local.env}}-es1"
+
+service:
+  create: false
+
+configmap:
+  KAFKA_GROUP_ID: "{{.Values.local.env}}-documents-generator"
+  TOPIC_STARTING_OFFSET: "earliest"
+  AVERAGE_KAFKA_MESSAGE_SIZE_IN_BYTES: "5000"
+  MESSAGES_TO_READ_PER_BATCH: "500"
+  MAX_WAIT_KAFKA_BATCH_MILLIS: "5000"
+  S3_BUCKET: "interop-application-documents-{{.Values.local.env}}-es1"
+  DELEGATION_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/delegation"
+  AGREEMENT_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/agreement"
+  RISK_ANALYSIS_DOCUMENT_PATH: "{{.Values.namespace}}/generated-documents-unsigned/risk-analysis"
+  INTERNAL_JWT_KID: "{{.Values.local.interop_be_commons.RSA_KEYS_IDENTIFIERS}}"
+  INTERNAL_JWT_SUBJECT: "{{.Values.namespace}}.interop-documents-generator"
+  INTERNAL_JWT_ISSUER: "{{.Values.namespace}}.interop.pagopa.it"
+  INTERNAL_JWT_AUDIENCE: "{{.Values.namespace}}.interop.pagopa.it/internal"
+  INTERNAL_JWT_SECONDS_DURATION: "3600"
+
+deployment:
+  envFromConfigmaps:
+    KAFKA_BROKERS: "common-kafka.KAFKA_BROKERS"
+    DELEGATION_TOPIC: "common-kafka.DELEGATION_TOPIC"
+    CATALOG_TOPIC: "common-kafka.CATALOG_TOPIC"
+    AGREEMENT_TOPIC: "common-kafka.AGREEMENT_TOPIC"
+    PURPOSE_TOPIC: "common-kafka.PURPOSE_TOPIC"
+    AUTHORIZATION_TOPIC: "common-kafka.AUTHORIZATION_TOPIC"
+    READMODEL_SQL_DB_HOST: "common-read-model-sql.DB_HOST_RO"
+    READMODEL_SQL_DB_PORT: "common-read-model-sql.DB_PORT"
+    READMODEL_SQL_DB_NAME: "common-read-model-sql.DB_NAME"
+    READMODEL_SQL_DB_USE_SSL: "common-read-model-sql.DB_USE_SSL"
+    READMODEL_SQL_DB_SCHEMA_AGREEMENT: "common-read-model-sql.DB_SCHEMA_AGREEMENT"
+    READMODEL_SQL_DB_SCHEMA_ATTRIBUTE: "common-read-model-sql.DB_SCHEMA_ATTRIBUTE"
+    READMODEL_SQL_DB_SCHEMA_CATALOG: "common-read-model-sql.DB_SCHEMA_CATALOG"
+    READMODEL_SQL_DB_SCHEMA_CLIENT_JWK_KEY: "common-read-model-sql.DB_SCHEMA_CLIENT_JWK_KEY"
+    READMODEL_SQL_DB_SCHEMA_CLIENT: "common-read-model-sql.DB_SCHEMA_CLIENT"
+    READMODEL_SQL_DB_SCHEMA_DELEGATION: "common-read-model-sql.DB_SCHEMA_DELEGATION"
+    READMODEL_SQL_DB_SCHEMA_ESERVICE_TEMPLATE: "common-read-model-sql.DB_SCHEMA_ESERVICE_TEMPLATE"
+    READMODEL_SQL_DB_SCHEMA_PRODUCER_JWK_KEY: "common-read-model-sql.DB_SCHEMA_PRODUCER_JWK_KEY"
+    READMODEL_SQL_DB_SCHEMA_PRODUCER_KEYCHAIN: "common-read-model-sql.DB_SCHEMA_PRODUCER_KEYCHAIN"
+    READMODEL_SQL_DB_SCHEMA_PURPOSE: "common-read-model-sql.DB_SCHEMA_PURPOSE"
+    READMODEL_SQL_DB_SCHEMA_PURPOSE_TEMPLATE: "common-read-model-sql.DB_SCHEMA_PURPOSE_TEMPLATE"
+    READMODEL_SQL_DB_SCHEMA_TENANT: "common-read-model-sql.DB_SCHEMA_TENANT"
+    AGREEMENT_PROCESS_URL: "common-services-urls.AGREEMENT_PROCESS_URL"
+    DELEGATION_PROCESS_URL: "common-services-urls.DELEGATION_PROCESS_URL"
+    PURPOSE_PROCESS_URL: "common-services-urls.PURPOSE_PROCESS_URL"
+  envFromSecrets:
+    READMODEL_SQL_DB_USERNAME: "platform-data-documents-generator-user.username"
+    READMODEL_SQL_DB_PASSWORD: "platform-data-documents-generator-user.password"
+  envFromFieldRef:
+    AWS_ROLE_SESSION_NAME: "metadata.name"
+    KAFKA_CLIENT_ID: "metadata.name"

microservices/documents-signer/qa/values.yaml

@@ -0,0 +1,38 @@
+name: interop-be-documents-signer
+techStack: nodejs
+
+serviceAccount:
+  roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-documents-signer-{{.Values.local.env}}-es1"
+
+service:
+  create: false
+
+configmap:
+  SERVICE_NAME: "documents-signer"
+  SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-documents-signer"
+  KAFKA_GROUP_ID: "{{.Values.local.env}}-documents-signer"
+  TOPIC_STARTING_OFFSET: "earliest"
+  AVERAGE_KAFKA_MESSAGE_SIZE_IN_BYTES: "5000"
+  MESSAGES_TO_READ_PER_BATCH: "500"
+  MAX_WAIT_KAFKA_BATCH_MILLIS: "5000"
+  S3_BUCKET: "interop-application-documents-{{.Values.local.env}}-es1"
+
+deployment:
+  envFromConfigmaps:
+    KAFKA_BROKERS: "common-kafka.KAFKA_BROKERS"
+    DELEGATION_TOPIC: "common-kafka.DELEGATION_TOPIC"
+    CATALOG_TOPIC: "common-kafka.CATALOG_TOPIC"
+    AGREEMENT_TOPIC: "common-kafka.AGREEMENT_TOPIC"
+    PURPOSE_TOPIC: "common-kafka.PURPOSE_TOPIC"
+    AUTHORIZATION_TOPIC: "common-kafka.AUTHORIZATION_TOPIC"
+    SAFE_STORAGE_BASE_URL: "common-safe-storage.BASE_URL"
+    SAFE_STORAGE_DOC_TYPE: "common-safe-storage.DOC_TYPE"
+    SAFE_STORAGE_DOC_STATUS: "common-safe-storage.DOC_STATUS"
+    SIGNATURE_REFERENCES_TABLE_NAME: "common-safe-storage.LIVE_REQUESTS_DYNAMO_TABLE_NAME"
+
+  envFromSecrets:
+    SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password"
+
+  envFromFieldRef:
+    AWS_ROLE_SESSION_NAME: "metadata.name"
+    KAFKA_CLIENT_ID: "metadata.name"

microservices/events-signer/qa/values.yaml

@@ -0,0 +1,38 @@
+name: interop-be-events-signer
+techStack: nodejs
+
+serviceAccount:
+  roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-events-signer-{{.Values.local.env}}-es1"
+
+service:
+  create: false
+
+configmap:
+  SERVICE_NAME: "events-signer"
+  KAFKA_GROUP_ID: "{{.Values.local.env}}-events-signer"
+  AVERAGE_KAFKA_MESSAGE_SIZE_IN_BYTES: "5000"
+  MESSAGES_TO_READ_PER_BATCH: "500"
+  MAX_WAIT_KAFKA_BATCH_MILLIS: "5000"
+  TOPIC_STARTING_OFFSET: "earliest"
+  SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-events-signer"
+  S3_BUCKET: "interop-domain-events-{{.Values.local.env}}-es1"
+
+deployment:
+  envFromConfigmaps:
+    AGREEMENT_TOPIC: "common-kafka.AGREEMENT_TOPIC"
+    AUTHORIZATION_TOPIC: "common-kafka.AUTHORIZATION_TOPIC"
+    CATALOG_TOPIC: "common-kafka.CATALOG_TOPIC"
+    DELEGATION_TOPIC: "common-kafka.DELEGATION_TOPIC"
+    PURPOSE_TOPIC: "common-kafka.PURPOSE_TOPIC"
+    KAFKA_BROKERS: "common-kafka.KAFKA_BROKERS"
+    SAFE_STORAGE_BASE_URL: "common-safe-storage.BASE_URL"
+    SAFE_STORAGE_DOC_TYPE: "common-safe-storage.DOC_TYPE"
+    SAFE_STORAGE_DOC_STATUS: "common-safe-storage.DOC_STATUS"
+    SIGNATURE_REFERENCES_TABLE_NAME: "common-safe-storage.LIVE_REQUESTS_DYNAMO_TABLE_NAME"
+
+  envFromSecrets:
+    SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password"
+
+  envFromFieldRef:
+    AWS_ROLE_SESSION_NAME: "metadata.name"
+    KAFKA_CLIENT_ID: "metadata.name"

microservices/signed-objects-persister/qa/values.yaml

@@ -0,0 +1,40 @@
+name: interop-be-signed-objects-persister
+techStack: nodejs
+
+serviceAccount:
+  roleArn: "arn:aws:iam::{{.Values.local.awsAccountId}}:role/interop-be-signed-objects-persister-{{.Values.local.env}}-es1"
+
+service:
+  create: false
+
+configmap:
+  SERVICE_NAME: "signed-objects-persister"
+  SQS_MAX_NUMBER_OF_MSGS: "5"
+  SQS_LONG_POLL_WAIT_TIME_SECONDS: "20"
+  SQS_VISIBILITY_TIMEOUT_SECONDS: "20"
+  S3_BUCKET_SIGNED_DOCUMENTS: "interop-signed-application-documents-{{.Values.local.env}}-es1"
+  S3_BUCKET_EVENTS: "interop-signed-domain-events-{{.Values.local.env}}-es1"
+  S3_BUCKET_AUDIT: "interop-signed-jwt-audit-{{.Values.local.env}}-es1"
+  SQS_URL: "https://sqs.eu-south-1.amazonaws.com/{{.Values.local.awsAccountId}}/interop-safe-storage-completed-tasks-{{.Values.namespace}}"
+  SAFE_STORAGE_CLIENT_ID: "interop-{{.Values.namespace}}-signed-objects-persister"
+  INTERNAL_JWT_KID: "{{.Values.local.interop_be_commons.RSA_KEYS_IDENTIFIERS}}"
+  INTERNAL_JWT_SUBJECT: "{{.Values.namespace}}.interop-signed-objects-persister"
+  INTERNAL_JWT_ISSUER: "{{.Values.namespace}}.interop.pagopa.it"
+  INTERNAL_JWT_AUDIENCE: "{{.Values.namespace}}.interop.pagopa.it/internal"
+  INTERNAL_JWT_SECONDS_DURATION: "3600"
+
+deployment:
+  envFromConfigmaps:
+    SAFE_STORAGE_BASE_URL: "common-safe-storage.BASE_URL"
+    SAFE_STORAGE_DOC_TYPE: "common-safe-storage.DOC_TYPE"
+    SAFE_STORAGE_DOC_STATUS: "common-safe-storage.DOC_STATUS"
+    SIGNATURE_REFERENCES_TABLE_NAME: "common-safe-storage.LIVE_REQUESTS_DYNAMO_TABLE_NAME"
+    AGREEMENT_PROCESS_URL: "common-services-urls.AGREEMENT_PROCESS_URL"
+    DELEGATION_PROCESS_URL: "common-services-urls.DELEGATION_PROCESS_URL"
+    PURPOSE_PROCESS_URL: "common-services-urls.PURPOSE_PROCESS_URL"
+
+  envFromSecrets:
+    SAFE_STORAGE_API_KEY: "safe-storage-signing-credentials.password"
+
+  envFromFieldRef:
+    AWS_ROLE_SESSION_NAME: "metadata.name"