This page documents how to update Sourcegraph.com site configuration.
Also refer to [Sourcegraph.com (dotcom) operational playbooks](https://sourcegraph.notion.site/Sourcegraph-com-dotcom-operational-playbooks-b3b6e85251f6437499a68b449dc782af) for more general playbooks.
<aside> ❓ Why can’t I edit the page through the site-admin page? Site configuration for Sourcegraph.com is split into two files. One contains non-sensitive configurations and the other production secrets such as GitHub OAuth credentials. The instance loads site configuration from these files, and they cannot be edited from the Sourcegraph.com user interface.
</aside>
Non-sensitive configurations and env vars are stored in an overlay. Other config files can be found in the overlay folder. To update the non-sensitive configuration, follow these steps:
Our site configuration contains many secrets like OAuth credentials. It is stored in GSM in the sourcegraph-dev
project. The secrets are synced to the cluster using Terraform, and is managed in the dotcom workspace on Terraform Cloud.
To update secrets in site config for our Dotcom deployment, follow these steps:
Use this Entitle link to gain Secrets Admin access to the sourcegraph-dev
project.
Navigate to the project’s Google Secret Manager (GSM) resources.
In GSM, copy the contents of the latest version of the secret and make the necessary changes.
Create a new GSM secret version with the updated site configuration. Disable all previous versions.
Start a new run in the dotcom Terraform Cloud workspace to apply your updated GSM secrets in-cluster.
<aside>
🔒 Syncing new secret versions requires additional access to the Terraform Cloud workspace. You can request access via Entitle, use Terraform Cloud: Infrastructure - Core Services - Member
or kindly request someone from #discuss-core-services or #discuss-security to apply the workspace changes for you. This is required to approve and apply any pending runs.
Note that you must log in to Terraform Cloud before making your Entitle request. If you make your Entitle request, then log in, you will be removed from any team memberships granted through Entitle by Terraform Cloud's SSO implementation.
</aside>