Developing locally

With our growing number of service dependencies (APIs, DBs, etc) it can sometimes be impractical to spin up dependencies locally, with Docker for instance. In which case developers prefer to point their locally running application at our ‘dev’ environment. This therefore requires credentials to authenticate with HMPPS Auth in dev.

We used to require that developers request their own personal credentials that would mirror their service’s configuration and roles. We are no longer considering this necessary for the dev environment.

We will relax the IP allow listing to support use of dev service credentials within MoJ GlobalProtect and MoJ Digital VPN IP ranges. This will reduce the support burden on our team and avoid issues where developer and service credential configuration gets out of step.

The default process to follow will now be:

Request HMPPS Auth credentials as normal for your service and store them as Kubernetes secrets
When a developer needs credentials to develop against the dev environment, they can inspect their service’s Kubernetes secrets for the credentials they need and set them as local environment variables.

Personal credentials can still be requested if required (for maintenance of queues for example).

Note (1): Because preprod and prod environments contain production data, we are still restricting service credentials to the service host (e.g. Cloud Platform) IP ranges in these environments. This means that if you need to call preprod or prod APIs from your local machine, and you are SC cleared or have a suitable waiver, you’ll still need to request personal client credentials.
Note (2): Remember that the credentials are for a particular OAuth2 flow (authorization_code or client_credentials). This means, for example, that you won’t be able to use your service’s authorization_code credentials to make a client_credentials token request for calling an API.

_{This page was last reviewed on 07-Sep-2024, next review will be on 07-Jan-2024.}