README_engineers.md

How does https://echo.artsy.net/Echo.json work?

This happens in 4 steps:

• The source of truth is this repo. That's where the latest config file exists here.
• CircleCI does deploys using the deploy.sh and some env vars and the echo context The deploy basically prepares the json file and uploads it to the s3 artsy-public bucket, under the eigen directory. It uploads 2 copies, one which is the main file users will be accessing, and a second copy which is mainly for reference/backup of our changes in that config file. The bucket is here The context credentials come from the artsy-echo IAM user, created based on these docs and the creds are under artsy-echo IAM Keypair in our password manager.
• Cloudfront is used to serve the directory s3:artsy-public/eigen under a domain name like xxxxx.cloudfront.net and allowing access from echo.artsy.net.
• Cloudflare is using a CNAME to point echo(.artsy.net) to the above domain name (xxxxx.cloudfront.net) .

⚠️ NOTE ⚠️: Everything in the Echo.json file is public and visible by anyone with the url below. This file should not be used to store/deliver any sensitive values/keys. Even if values are stored in circleci and then replaced in the final file, the values are still visible to the world.