move off of cerberus (#530)

[#187388396]
it's getting shut down and we need to stop using it :(

ci/pipelines/cf-mgmt/pipeline.yml

@@ -9,58 +9,42 @@
 #! ************************************
 #! Secrets we need to run this pipeline
 #! ************************************
-#! this needs to come first, else all other vars can't be resolved.
-#! cerberus creds are required to access the teams vault instance managed by cerberus. The creds have been created manually via the vault-cli targetting the teams cerberus vault. Example steps to create an approle are here: https://developer.hashicorp.com/vault/docs/auth/approle the required value for policies is `restricted-admin` the auth method is mounted on the standard path.
-cerberus: &cerberus
-  role_id: ((cerberus-auth.role_id))
-  secret_id: ((cerberus-auth.secret_id))
-cerberus_url: &cerberus_url ((cerberus-auth.url))
-
 secrets:
 #! gcr_viewer_key was needed on 2024-03-24 for getting concourse container images from our GCR instance. Generated by using personal creds to log into the mapbu-cryogenics google cloud project.
-- &gcr_viewer_key  ((cerberus:gcr.viewer_key))
+- &gcr_viewer_key  ((gcr.viewer_key))
 
 #! dockerhub_password was needed on 2023-09-15 to publish releases to Docker.
 #! Generated by using the associated username to log in to DockerHub webui and setting there.
-- &dockerhub_password ((cerberus:dockerhub.password))
+- &dockerhub_password ((dockerhub.password))
 #! dockerhub_username was needed on 2023-09-15 to publish releases to Docker.
 #! Generated by opening a DockerHub account
 #! This account is different to the cryogenics dockerhub account, it is part of the pivotalservices repo.
-- &dockerhub_username ((cerberus:dockerhub.username))
+- &dockerhub_username ((dockerhub.username))
 #! dockerhub_repository was needed on 2023-09-15 to publish releases to Docker. This is not really a secret, this is the repo into which the cf-mgmt image is published.
-- &dockerhub_repository ((cerberus:dockerhub.repository))
+- &dockerhub_repository ((dockerhub.repository))
 #! dockerhub_repository was needed on 2023-09-15 to publish releases to Docker. This is not really a secret, this is the tag we use when we publish new images.
-- &dockerhub_tag ((cerberus:dockerhub.tag))
+- &dockerhub_tag ((dockerhub.tag))
 
 #! github_access_token is required to create PRs against repos used in this pipeline. It lives in runway vault under the path 'runway_concourse/cryogenics/github'
-- &github_access_token ((cerberus:github.access_token))
+- &github_access_token ((github.access_token))
 #! github_ssh_key is required to pull and push the repos used in this pipeline. It lives in runway vault under the path 'runway_concourse/cryogenics/github'
-- &github_ssh_key ((cerberus:github.ssh_key))
+- &github_ssh_key ((github.ssh_key))
 #! github_email and github_user were added on 2023-12-19 to make the bump-go-module commits
-- &github_email ((cerberus:github.email))
-- &github_user ((cerberus:github.user))
+- &github_email ((github.email))
+- &github_user ((github.user))
 
 #! slack_webhook was needed on 2023-09-15 for notifying the #mapbu-cryogenics-ci channel when builds are published.
-- &slack_webhook ((cerberus:slack.webhook))
+- &slack_webhook ((slack.webhook))
 
 #! shepherd_account_key was needed on 2023-09-28 to claim shepherd environments. It was created using `shepherd create service-account` after logging in with WS1.
-- &shepherd_account_key ((cerberus:shepherd.sa_key))
+- &shepherd_account_key ((shepherd.sa_key))
 
 #! **************
 #! End of secrets
 #! **************
 
 number_of_claim_env_retries: &number_of_claim_env_retries 5
 
-var_sources:
-- name: cerberus
-  type: vault
-  config:
-    auth_backend: approle
-    auth_params: *cerberus
-    url: *cerberus_url
-    path_prefix: secret
-    lookup_templates: [ "/{{.Pipeline}}/{{.Secret}}", "/{{.Secret}}" ]
 groups:
 - name: test
   jobs: