From ba10e43d813fef2f35c0988bc0a0726034d13140 Mon Sep 17 00:00:00 2001
From: juliareynolds-nava <juliareynolds@navapbc.com>
Date: Thu, 15 Jan 2026 14:31:49 -0700
Subject: [PATCH 1/4] added bfd public mtls truststore certs for test and
 sandbox

---
 .../services/config/values/prod.sopsw.yaml    | 32 ++++++++++++++++++
 .../services/config/values/test.sopsw.yaml    | 33 +++++++++++++++++--
 2 files changed, 63 insertions(+), 2 deletions(-)

diff --git a/terraform/services/config/values/prod.sopsw.yaml b/terraform/services/config/values/prod.sopsw.yaml
index 2613de0f..3c999922 100644
--- a/terraform/services/config/values/prod.sopsw.yaml
+++ b/terraform/services/config/values/prod.sopsw.yaml
@@ -6,6 +6,38 @@
 /cdap/${env}/common/sensitive/artifactory/password: ENC[AES256_GCM,data:O87T1Y7qQNbEytR3pG1K7pHVX8F7OEz2CZ+0Uo/E2E1XNb6PSs9iAVnROC9Mio3uv9KRNHdWxt6wytfcil0JyA==,iv:lOneSA9kmP6ycjsXDb1PTBwTEmw0+svXk1ksQ5kP8oQ=,tag:tdAqOs6oTvgCg9DPsf/g1Q==,type:str]
 /cdap/${env}/common/sensitive/security-events/webhook-url: ENC[AES256_GCM,data:SawGrnZegQH9JCd4XLRqDJeU3yI9pt7eSjOyax7uIOl1PyJEHD1LahaaRipVsEC5y+FRftxkKax1WqjSo20vK19HhrlwPhN8T6PV/GyFVg==,iv:mRI+bXCQXKITQaiuC4EkNGUUuV4q7Ogg9xsZZs6PW6s=,tag:HP1C4OWLbwID9ckgsOFX/A==,type:str]
 /cdap/${env}/common/sensitive/sonarqube/token: ENC[AES256_GCM,data:eZucMWrzVWvl2q9cwCRXQfv809VF+ZTSFPthaTAX6yuZxrkmNkLqkKtiWCM=,iv:KQnKCOfRf4nfmhT4qrhUuFlmZqrC2DuhXSgVaxuYf4c=,tag:3q328+okWudtm6/7LTiSGQ==,type:str]
+/cdap/${env}/common/nonsensitive/bfd-server/mtls_certificate_sandbox: |
+  -----BEGIN CERTIFICATE-----
+  MIIFPTCCAyWgAwIBAgIJAKokm3IWN1IAMA0GCSqGSIb3DQEBDAUAMCsxKTAnBgNV
+  BAMTIHByb2Qtc2J4LmZoaXIuYmZkLmNtc2Nsb3VkLmxvY2FsMB4XDTI1MDUyMTE5
+  NDA0NVoXDTI3MDUyMTE5NDA0NVowKzEpMCcGA1UEAxMgcHJvZC1zYnguZmhpci5i
+  ZmQuY21zY2xvdWQubG9jYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+  AQCxtfwy1tlJrHn+nwMTd2ANqkPgE3d+iesQENR+JtSblyobIa0hFxqjQCVoJ8gx
+  xmdasXNUjPy/Mwxsf2GRV8tPo8gSz3fYYQAITX4Byp7jMu3yvwK1hEmpGOHm9Mqd
+  2YWpGbaT3OxFwW+gyvYFW7ekTIIs5NnuKvj9w8bwIpxayw19dA6gwCtItw6Pr0dV
+  pLjL+WcrsWASe5gfTMi6ObY7aHoDbhNzn+5PJisTdSF8HVsNz/rwbKS0sAgCcDHL
+  cl9YhJGD+GTatu2u5zK/hw8GlZCzz6dO9ePIEF9Gl3t/SP36YAGxQ2eUNrAOu606
+  DGKa7pXxtgHZf1aWKw3wNVj0FHYIjvl9Uriiby4Cz5FsqmbTS12/swxLv6yrrgK/
+  9/eLksKd6cvwFlRyGLhpSxv0wozVWExWGqLVPebvtRvsZdF8FQobrRFOzRjk73o5
+  ++2ufbaD0B9pFYoMDm5ul5FAQTUdmou5ZZCNJ/dkSyxgY1JlYLBILJgLAZSPbZCl
+  OqthUV+BjG9Uyhy9zWSUp8vhjPOtlGtv195rP3ajZ7HMSn0HVt5PCNd4XxXL2mv8
+  WPHoAFS+4blJUF8u96wKjxPzSieydKrkoVPopYIgfKUbroivMUhQRsY3t591EtAW
+  rVTGkFSv43tSox44DgGSOaLBbM5vTaO0GAdhLUDQE7qoqQIDAQABo2QwYjAdBgNV
+  HQ4EFgQUSA1GjmplpMpQxTol17CAG/MCDPIwQQYDVR0RBDowOIIgcHJvZC1zYngu
+  Zmhpci5iZmQuY21zY2xvdWQubG9jYWyCFHByb2Qtc2J4LmJmZC5jbXMuZ292MA0G
+  CSqGSIb3DQEBDAUAA4ICAQA18y+iKgHncEGW0R9E175inMwyHszVAe3uaD9eq/xt
+  amormagDs21FJSL1Aul/acrzdzuGPgLTUntsnFRBExz/cDdj9mVzzqHmZq4Ph/z5
+  aS6ugYMWmEps5XJpDHplSDiUqufqSnlzDp+0MKj8MyqPPKX+76ABMO5HpoIxszfI
+  GwctAJMT/8nvCCh1k8dwDoUpQBqrXNin1dAzdHkcX/dyHK2QpBCJBPobKmM7AGNL
+  UuI2xbWgdnt/ZfBqa1DhomMIt39+FsIgbi6YKgsM9tSxTIeC5Ow2eZM1JC8oqgQi
+  O/6/8kiPmHV3bnjKdsY5LjGb6mqvVBB1oUMRtykJh2VA4aDvGa1FKBqK0S8yiQvI
+  CJ7HV0qVdjkSSCgdIUodP+bFT6qJEylzWXfNkdKeIKxaMEdcCHpaLpWU2hL/WxYX
+  82FJa1jWmSO9bp+frpslIO+tbj8eyp8P3x+c5ydEOh7wAwBJxYOOT2d84iNuMCCH
+  AjegSpE6Y6tIraWXAWUlddkXZuP0u6kvzO+tBqHam4+eKtde3B12yPkiels66d6O
+  PeX5zhchW9mBRK1ckfWLIzlH6gNomUHVHq9uhlHT2N8CjcC+65Ip4cAuZlFJKLkF
+  wSBGLqRCSaB3KO1l0bsF+QqI9PD77es2g1dobi74Oc553pxNFLr/pXkjEn7hrizu
+  Rg==
+  -----END CERTIFICATE-----
 sops:
   kms:
     - arn: arn:aws:kms:us-east-1:${ACCOUNT_ID}:alias/cdap-prod
diff --git a/terraform/services/config/values/test.sopsw.yaml b/terraform/services/config/values/test.sopsw.yaml
index 93d36c5c..c431b0b4 100644
--- a/terraform/services/config/values/test.sopsw.yaml
+++ b/terraform/services/config/values/test.sopsw.yaml
@@ -6,6 +6,37 @@
 /cdap/${env}/common/sensitive/artifactory/password: ENC[AES256_GCM,data:nscDKdf+wuKMJ+gFpUIDb0zZbdBvsk3qYFey0/wbMw345ARL3u8vq2/YqUTnWAm1fYqieKOzq/yJYvM43CIZCg==,iv:XgWvwq94ShSpJwU659XXX/6bLv77oCECiza9FDJau+o=,tag:2afCpXFqv905cIQ0sRQIFg==,type:str]
 /cdap/${env}/common/sensitive/security-events/webhook-url: ENC[AES256_GCM,data:Vgp2HifAdY+8wNPltsPt9wZkVDd/YOvGLvzA5wU3Bn4XbEUwTDzJavSLNbTEZwYzGol6tryZBgk8hhP+HxyHNbB0xmJdo783ZZlou9rOQA==,iv:sMxWjUaXd4jfsE6U+cj9ft+8g7sBwVLI9g+1TiwS1eA=,tag:H6YaBowY//nIeppO7pTOQw==,type:str]
 /cdap/${env}/common/sensitive/sonarqube/token: ENC[AES256_GCM,data:YBillFWDRXEQqW3dTofMyf55zA6Xy3nJFhGF0L9al19GhdsS9xto8Qzq5Yg=,iv:XNUY9Q5PBFxnNYF/nOlMkeBvSHUcTbDNA1dD5xilgXg=,tag:+mR1nXu5rfqKK5/Y5bhLhA==,type:str]
+/cdap/${env}/common/nonsensitive/bfd-server/mtls_certificate: |
+  -----BEGIN CERTIFICATE-----
+  MIIFLDCCAxSgAwIBAgIIOB/waE+MjNowDQYJKoZIhvcNAQEMBQAwJzElMCMGA1UE
+  AxMcdGVzdC5maGlyLmJmZC5jbXNjbG91ZC5sb2NhbDAeFw0yNTA1MjExOTQwNDha
+  Fw0yNzA1MjExOTQwNDhaMCcxJTAjBgNVBAMTHHRlc3QuZmhpci5iZmQuY21zY2xv
+  dWQubG9jYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC/fEjmK8u
+  eZPtS2JWABjtxYqMQHxpicyFRGpl48mitJlteY+9XaAkiZN8LIrE6rl025s/dC9i
+  WbTtXHOC1/Sik3Kdw5pILLfH82bzwryWnmGkmq7X9c0+yJL4j7sa2y/yZlfhpU+P
+  gEFoYVE/RqfM+KBwUfnqU4fQzvPwn6YRkRwJaj3M8HHxGFp/tnLHhy0akmhnzZ/b
+  vis5aBfGgAJC69RGJfzLdq8BRqNrO15HbMIoYxpVDUEuHTNe2yR8l7Fvwr4QxTB9
+  BmmDKgUS2U9/1BqRzUOoYJcS9wCFDmwa/EVnUykdy0OeP4fP/P759f/R+kWQxFxP
+  wCJMbPPaeEC2ZpS7MYgeCOepSycXFCi2jPFVDxadc5/Hhp/ID7sM++YTUg4M9zVY
+  BPl2gsYmlhfE+FELNBb3L8Y7BLLgadvOtUZ2I9zm4LvEY+Z8I7nfnJ7olbMPc8JO
+  8FhSLoirPTtiWXZ2yaVzcmQH0ptbAxeeT2Uc8AzRjN2n+dvOCtyIiHjJwe5df8rr
+  MNdrbhyRpmA2odtQ/mfiWxCv64fEYmm05PxE7Nh/5unrL1jihd82d1xRloDxLb5f
+  sCfJSgKYKusd2bmP0YUQKrJBzDyNK0VY3dN0XPOqD5RmIuGpslKvSupcW+ZvMFIs
+  d/Oi5ldHYUomS0ZqobUNT45QmRO1/qfv8QIDAQABo1wwWjAdBgNVHQ4EFgQUf1K2
+  Nct+O84ZTuYlT7tF3cPWEJkwOQYDVR0RBDIwMIIcdGVzdC5maGlyLmJmZC5jbXNj
+  bG91ZC5sb2NhbIIQdGVzdC5iZmQuY21zLmdvdjANBgkqhkiG9w0BAQwFAAOCAgEA
+  YAz+jhfXyNqu0UL+vxuewWLKlH6zMTHXuycigfZmxsrOpz2eJIT2BHWn14lDG2ew
+  qgFUul3CSoRxH3wbxVmH2hNe+GBKGUineoJLwgC13PQY1vRaU1VHJR4Whi065/tL
+  2NpLehcAH3TSmSRPtF+FDKGEC+gyjUJFoeCM7PP7fT2O3ixQdnoMA1KqpYZeUb1O
+  Ng13lj48AXySDAQNeYwUYeFY2RRNbWAN645dtc80kVJY7OY8hZemYsdlBx1SUHZp
+  X2GcjTuq7GaJO4ThUXT0/ufsP9jpAiYQmssFWkbJVIrlhg6M1jkdxtvX7RN/c0kd
+  OBlusgIADBDfrPI64mLuKQez97MiFpChqymxAZ6IubKJATwwDu0JNoD6E2FlAYIn
+  ZxfbR1R/MpO5fm3Nfqkwt8f1l9035ZC2rHtCdZ261WF617PqU3EUW+WXNojeP6qF
+  RpS98nUB82w6TP4fkBYYZGNCgK9N+2jCFP9sLNA+o/SBnGucCzJ0Mbx38vxUw5pg
+  DnXKWBL1lhcpmWX2bSrghERnuJnyUYC0qsY6tOJsEDV6UccMSGs03AEDjY/OohNH
+  LgtvQosnDqfawNHFTwJ4Dc5Od+KGbFVfUZmy8+sTLOFvPl5PHAAe+d6CvdU91V8D
+  +V4U8pQYig4O/L6oZ2D7h3muHmxUF0wmqfkS2qvkqGg=
+  -----END CERTIFICATE-----
 sops:
   kms:
     - arn: arn:aws:kms:us-east-1:${ACCOUNT_ID}:alias/cdap-test
@@ -16,8 +47,6 @@ sops:
       created_at: "2026-01-12T15:49:48Z"
       enc: AQICAHj/7o5ejG2naYXXtV0msJC+UCEv8bGhFxVAE5it/FT42wG/hszzTI7suLqOYmXNFyXTAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM4W6xb7Tm4JiCfD3xAgEQgDsJw3SujEQIDc6EnUG79oVPM+CtjLt1aiAea82u8pYvv34tuvPlBwuYgzHfySZ0DahyGNyeECblkVWomA==
       aws_profile: ""
-  lastmodified: "2026-01-12T15:50:05Z"
-  mac: ENC[AES256_GCM,data:waISJhutyyT4V90DnG5l0Y4LGa7DIPH5rTujJcID4TuzoOfQulNeuw+XYASNK+2iLydGGNYthf22ZM+dnVY5dFlSW/r51u9GSzK4/Hf//xgPBpBNLix26aBXvaoZRaE9C064WFi9AQoZB5c68eprpuIfpLuKbe9HIYGB9MnZ8Ec=,iv:I6dsl/4EeKtQNkI55xK+vmkxzp6B/fWYXNJjIJH+er4=,tag:uejVq+KynO2uh8VKECzOPw==,type:str]
   unencrypted_regex: /nonsensitive/
   mac_only_encrypted: true
   version: 3.11.0

From be1de782bb5f63717a6daf4a269802d5d07c206d Mon Sep 17 00:00:00 2001
From: juliareynolds-nava <juliareynolds@navapbc.com>
Date: Thu, 15 Jan 2026 14:40:03 -0700
Subject: [PATCH 2/4] added bfd public mtls truststore certs for prod

---
 .../services/config/values/prod.sopsw.yaml    | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/terraform/services/config/values/prod.sopsw.yaml b/terraform/services/config/values/prod.sopsw.yaml
index 3c999922..cbd06d8c 100644
--- a/terraform/services/config/values/prod.sopsw.yaml
+++ b/terraform/services/config/values/prod.sopsw.yaml
@@ -38,6 +38,37 @@
   wSBGLqRCSaB3KO1l0bsF+QqI9PD77es2g1dobi74Oc553pxNFLr/pXkjEn7hrizu
   Rg==
   -----END CERTIFICATE-----
+/cdap/${env}/common/nonsensitive/bfd-server/mtls_certificate: |
+  -----BEGIN CERTIFICATE-----
+  MIIFLTCCAxWgAwIBAgIJAOqWW2If8ibEMA0GCSqGSIb3DQEBDAUAMCcxJTAjBgNV
+  BAMTHHByb2QuZmhpci5iZmQuY21zY2xvdWQubG9jYWwwHhcNMjUwNTIxMTk0MDQ0
+  WhcNMjcwNTIxMTk0MDQ0WjAnMSUwIwYDVQQDExxwcm9kLmZoaXIuYmZkLmNtc2Ns
+  b3VkLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtUeewY12
+  WlwhF1ML9MhUPM7P/Eg7jXEvpkvEcRNbSCuCGg8iTbDIAcLMFnPXBcw6WM5Flt2+
+  x/wQUZ/eWLQ2vJCNNvLxZubMYcsUJvm4MNDYUZdAVsMNcmWvJ33jz5aj7IE00OZX
+  nRWc1w3vMa8ruO7n1SSOLJ4Jhly4eKIh1GJSjxL6rdvUmvKZKcEj6Vp2mykJ6Dq9
+  OHIWpi7TgB6BbpmaFniv6iyiiUmUFfrjgJFk54yjAaT7jM+21Gm5EURQX2KIzf05
+  zPpr8wOWqxJVJK2blkfKuZ8V/uTwtbKkmDKjqo7t2ncIaH4/ud4Rwv+nCnFaFP5n
+  hLohZMtegnfBl9za9aT34bZ4ItvfXghuPNABbBj1B5rvbJWbXJEnjXAqTqbn2ljW
+  QMCkeJgQ8lxbCnlGaVKxJyIEDT4dlrgTdJKKfyTrp0NIrdN43Tw4/ppacPBSSpDu
+  irEWoshMnqWKzNxRQblVCCIT0YCLGCle7NTIoxPtlWE1NikQmNLlo8UzxZAuKh6J
+  cSgS65SGHjFaIqv34vOqFp8wZPBc0+KAGze358zTJQVA86MpYqzHTBSTXdJHex1A
+  VHHUUq42y+5aXbqsvxG9aBiYb5JzVO1r1gp1hi7gEPHxP6KA9okPc6iQWSmItvFf
+  XoOaUFycvj/LH+grdzddEQShCvAtW3JFDFMCAwEAAaNcMFowHQYDVR0OBBYEFMtJ
+  s33rm4fhXUgMT11nsJ+1wMUkMDkGA1UdEQQyMDCCHHByb2QuZmhpci5iZmQuY21z
+  Y2xvdWQubG9jYWyCEHByb2QuYmZkLmNtcy5nb3YwDQYJKoZIhvcNAQEMBQADggIB
+  AJh+TWyhUTWS+YWBhgn36DMu7E+H/mpMusBx1yXUHV04nAJ9Euea1pcX/igDz5Vn
+  rWYlj+Kkf+MFB8Ecc/lN9t0v5a33SSxOvhL2hdusMwgPKVoFGfc+QZMa7VsQgqOp
+  vugebonx3Xyc8QsQcxFNCD+TOO5iSdUOh8RtMES9Y2RWaMvoSnMk/t29lW8KFECj
+  l2TC8zwxYlPW07++mH3h3gdwUoU3JoQ210ny+uKeC2zo+qMv3F/bXZ+ad51rzWAo
+  vPCFHMfq2URwpPyOG3czKl74WJAurm78OyaVDem83xJem/XDnMrRvDPzEkcG19LA
+  aheKKIC/sryWugwQJx7WaVCPjJA3eBHeViq6gRL+NvqLhNxteBNJK4Wf3S8UfYxC
+  NFeVQPbpvqBxO8JJtMhMUD3y6TVZp5RpVlaLfA9BZd6axFfTYm4e0iT0ORVRI3OU
+  Ri+iH4wmi19bn0o6+VeNDne1HPx9xbqfze2/qEaCcNESYdUnauMbtW1jAnD1uNtZ
+  2F/4F5tqG84dTKGijtWJg8nyefZCmaBeJZi2W639VlVOv5uY1KOLrGW0cM0o8JKk
+  WcHj/BVCcYGJtwBKbWIuNZLRsV7UGLSFKPPjT5GoXk7WqMUvu+pTabVpj7bwyRU+
+  a6VzzftJOQBO4kMriNBUC1t3aQfjWjma668WCji9PN6v
+  -----END CERTIFICATE-----
 sops:
   kms:
     - arn: arn:aws:kms:us-east-1:${ACCOUNT_ID}:alias/cdap-prod

From 4bd4c8eb7af92773ae5a49cd7ca45301ff2dfd88 Mon Sep 17 00:00:00 2001
From: juliareynolds-nava <juliareynolds@navapbc.com>
Date: Thu, 15 Jan 2026 15:17:17 -0700
Subject: [PATCH 3/4] renamed values

---
 .../services/config/values/prod.sopsw.yaml    | 80 +++++++++----------
 .../services/config/values/test.sopsw.yaml    | 18 ++---
 2 files changed, 49 insertions(+), 49 deletions(-)

diff --git a/terraform/services/config/values/prod.sopsw.yaml b/terraform/services/config/values/prod.sopsw.yaml
index cbd06d8c..1ee11444 100644
--- a/terraform/services/config/values/prod.sopsw.yaml
+++ b/terraform/services/config/values/prod.sopsw.yaml
@@ -1,12 +1,35 @@
-/cdap/${env}/common/nonsensitive/artifactory/url: https://artifactory.cloud.cms.gov/artifactory
-/cdap/${env}/common/nonsensitive/artifactory/user: ab2d-bcda-dpc-plt
-/cdap/${env}/common/nonsensitive/security-events/renotify-after-days: 30
-/cdap/${env}/common/nonsensitive/security-events/severity-list: CRITICAL,HIGH,MEDIUM
-/cdap/${env}/common/nonsensitive/sonarqube/url: https://sonarqube.cloud.cms.gov
-/cdap/${env}/common/sensitive/artifactory/password: ENC[AES256_GCM,data:O87T1Y7qQNbEytR3pG1K7pHVX8F7OEz2CZ+0Uo/E2E1XNb6PSs9iAVnROC9Mio3uv9KRNHdWxt6wytfcil0JyA==,iv:lOneSA9kmP6ycjsXDb1PTBwTEmw0+svXk1ksQ5kP8oQ=,tag:tdAqOs6oTvgCg9DPsf/g1Q==,type:str]
-/cdap/${env}/common/sensitive/security-events/webhook-url: ENC[AES256_GCM,data:SawGrnZegQH9JCd4XLRqDJeU3yI9pt7eSjOyax7uIOl1PyJEHD1LahaaRipVsEC5y+FRftxkKax1WqjSo20vK19HhrlwPhN8T6PV/GyFVg==,iv:mRI+bXCQXKITQaiuC4EkNGUUuV4q7Ogg9xsZZs6PW6s=,tag:HP1C4OWLbwID9ckgsOFX/A==,type:str]
-/cdap/${env}/common/sensitive/sonarqube/token: ENC[AES256_GCM,data:eZucMWrzVWvl2q9cwCRXQfv809VF+ZTSFPthaTAX6yuZxrkmNkLqkKtiWCM=,iv:KQnKCOfRf4nfmhT4qrhUuFlmZqrC2DuhXSgVaxuYf4c=,tag:3q328+okWudtm6/7LTiSGQ==,type:str]
-/cdap/${env}/common/nonsensitive/bfd-server/mtls_certificate_sandbox: |
+/bfd/prod/mtls/nonsensitive/public.p12.b64: |
+  -----BEGIN CERTIFICATE-----
+  MIIFLTCCAxWgAwIBAgIJAOqWW2If8ibEMA0GCSqGSIb3DQEBDAUAMCcxJTAjBgNV
+  BAMTHHByb2QuZmhpci5iZmQuY21zY2xvdWQubG9jYWwwHhcNMjUwNTIxMTk0MDQ0
+  WhcNMjcwNTIxMTk0MDQ0WjAnMSUwIwYDVQQDExxwcm9kLmZoaXIuYmZkLmNtc2Ns
+  b3VkLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtUeewY12
+  WlwhF1ML9MhUPM7P/Eg7jXEvpkvEcRNbSCuCGg8iTbDIAcLMFnPXBcw6WM5Flt2+
+  x/wQUZ/eWLQ2vJCNNvLxZubMYcsUJvm4MNDYUZdAVsMNcmWvJ33jz5aj7IE00OZX
+  nRWc1w3vMa8ruO7n1SSOLJ4Jhly4eKIh1GJSjxL6rdvUmvKZKcEj6Vp2mykJ6Dq9
+  OHIWpi7TgB6BbpmaFniv6iyiiUmUFfrjgJFk54yjAaT7jM+21Gm5EURQX2KIzf05
+  zPpr8wOWqxJVJK2blkfKuZ8V/uTwtbKkmDKjqo7t2ncIaH4/ud4Rwv+nCnFaFP5n
+  hLohZMtegnfBl9za9aT34bZ4ItvfXghuPNABbBj1B5rvbJWbXJEnjXAqTqbn2ljW
+  QMCkeJgQ8lxbCnlGaVKxJyIEDT4dlrgTdJKKfyTrp0NIrdN43Tw4/ppacPBSSpDu
+  irEWoshMnqWKzNxRQblVCCIT0YCLGCle7NTIoxPtlWE1NikQmNLlo8UzxZAuKh6J
+  cSgS65SGHjFaIqv34vOqFp8wZPBc0+KAGze358zTJQVA86MpYqzHTBSTXdJHex1A
+  VHHUUq42y+5aXbqsvxG9aBiYb5JzVO1r1gp1hi7gEPHxP6KA9okPc6iQWSmItvFf
+  XoOaUFycvj/LH+grdzddEQShCvAtW3JFDFMCAwEAAaNcMFowHQYDVR0OBBYEFMtJ
+  s33rm4fhXUgMT11nsJ+1wMUkMDkGA1UdEQQyMDCCHHByb2QuZmhpci5iZmQuY21z
+  Y2xvdWQubG9jYWyCEHByb2QuYmZkLmNtcy5nb3YwDQYJKoZIhvcNAQEMBQADggIB
+  AJh+TWyhUTWS+YWBhgn36DMu7E+H/mpMusBx1yXUHV04nAJ9Euea1pcX/igDz5Vn
+  rWYlj+Kkf+MFB8Ecc/lN9t0v5a33SSxOvhL2hdusMwgPKVoFGfc+QZMa7VsQgqOp
+  vugebonx3Xyc8QsQcxFNCD+TOO5iSdUOh8RtMES9Y2RWaMvoSnMk/t29lW8KFECj
+  l2TC8zwxYlPW07++mH3h3gdwUoU3JoQ210ny+uKeC2zo+qMv3F/bXZ+ad51rzWAo
+  vPCFHMfq2URwpPyOG3czKl74WJAurm78OyaVDem83xJem/XDnMrRvDPzEkcG19LA
+  aheKKIC/sryWugwQJx7WaVCPjJA3eBHeViq6gRL+NvqLhNxteBNJK4Wf3S8UfYxC
+  NFeVQPbpvqBxO8JJtMhMUD3y6TVZp5RpVlaLfA9BZd6axFfTYm4e0iT0ORVRI3OU
+  Ri+iH4wmi19bn0o6+VeNDne1HPx9xbqfze2/qEaCcNESYdUnauMbtW1jAnD1uNtZ
+  2F/4F5tqG84dTKGijtWJg8nyefZCmaBeJZi2W639VlVOv5uY1KOLrGW0cM0o8JKk
+  WcHj/BVCcYGJtwBKbWIuNZLRsV7UGLSFKPPjT5GoXk7WqMUvu+pTabVpj7bwyRU+
+  a6VzzftJOQBO4kMriNBUC1t3aQfjWjma668WCji9PN6v
+  -----END CERTIFICATE-----
+/bfd/sandbox/mtls/nonsensitive/public.p12.b64: |
   -----BEGIN CERTIFICATE-----
   MIIFPTCCAyWgAwIBAgIJAKokm3IWN1IAMA0GCSqGSIb3DQEBDAUAMCsxKTAnBgNV
   BAMTIHByb2Qtc2J4LmZoaXIuYmZkLmNtc2Nsb3VkLmxvY2FsMB4XDTI1MDUyMTE5
@@ -38,37 +61,14 @@
   wSBGLqRCSaB3KO1l0bsF+QqI9PD77es2g1dobi74Oc553pxNFLr/pXkjEn7hrizu
   Rg==
   -----END CERTIFICATE-----
-/cdap/${env}/common/nonsensitive/bfd-server/mtls_certificate: |
-  -----BEGIN CERTIFICATE-----
-  MIIFLTCCAxWgAwIBAgIJAOqWW2If8ibEMA0GCSqGSIb3DQEBDAUAMCcxJTAjBgNV
-  BAMTHHByb2QuZmhpci5iZmQuY21zY2xvdWQubG9jYWwwHhcNMjUwNTIxMTk0MDQ0
-  WhcNMjcwNTIxMTk0MDQ0WjAnMSUwIwYDVQQDExxwcm9kLmZoaXIuYmZkLmNtc2Ns
-  b3VkLmxvY2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtUeewY12
-  WlwhF1ML9MhUPM7P/Eg7jXEvpkvEcRNbSCuCGg8iTbDIAcLMFnPXBcw6WM5Flt2+
-  x/wQUZ/eWLQ2vJCNNvLxZubMYcsUJvm4MNDYUZdAVsMNcmWvJ33jz5aj7IE00OZX
-  nRWc1w3vMa8ruO7n1SSOLJ4Jhly4eKIh1GJSjxL6rdvUmvKZKcEj6Vp2mykJ6Dq9
-  OHIWpi7TgB6BbpmaFniv6iyiiUmUFfrjgJFk54yjAaT7jM+21Gm5EURQX2KIzf05
-  zPpr8wOWqxJVJK2blkfKuZ8V/uTwtbKkmDKjqo7t2ncIaH4/ud4Rwv+nCnFaFP5n
-  hLohZMtegnfBl9za9aT34bZ4ItvfXghuPNABbBj1B5rvbJWbXJEnjXAqTqbn2ljW
-  QMCkeJgQ8lxbCnlGaVKxJyIEDT4dlrgTdJKKfyTrp0NIrdN43Tw4/ppacPBSSpDu
-  irEWoshMnqWKzNxRQblVCCIT0YCLGCle7NTIoxPtlWE1NikQmNLlo8UzxZAuKh6J
-  cSgS65SGHjFaIqv34vOqFp8wZPBc0+KAGze358zTJQVA86MpYqzHTBSTXdJHex1A
-  VHHUUq42y+5aXbqsvxG9aBiYb5JzVO1r1gp1hi7gEPHxP6KA9okPc6iQWSmItvFf
-  XoOaUFycvj/LH+grdzddEQShCvAtW3JFDFMCAwEAAaNcMFowHQYDVR0OBBYEFMtJ
-  s33rm4fhXUgMT11nsJ+1wMUkMDkGA1UdEQQyMDCCHHByb2QuZmhpci5iZmQuY21z
-  Y2xvdWQubG9jYWyCEHByb2QuYmZkLmNtcy5nb3YwDQYJKoZIhvcNAQEMBQADggIB
-  AJh+TWyhUTWS+YWBhgn36DMu7E+H/mpMusBx1yXUHV04nAJ9Euea1pcX/igDz5Vn
-  rWYlj+Kkf+MFB8Ecc/lN9t0v5a33SSxOvhL2hdusMwgPKVoFGfc+QZMa7VsQgqOp
-  vugebonx3Xyc8QsQcxFNCD+TOO5iSdUOh8RtMES9Y2RWaMvoSnMk/t29lW8KFECj
-  l2TC8zwxYlPW07++mH3h3gdwUoU3JoQ210ny+uKeC2zo+qMv3F/bXZ+ad51rzWAo
-  vPCFHMfq2URwpPyOG3czKl74WJAurm78OyaVDem83xJem/XDnMrRvDPzEkcG19LA
-  aheKKIC/sryWugwQJx7WaVCPjJA3eBHeViq6gRL+NvqLhNxteBNJK4Wf3S8UfYxC
-  NFeVQPbpvqBxO8JJtMhMUD3y6TVZp5RpVlaLfA9BZd6axFfTYm4e0iT0ORVRI3OU
-  Ri+iH4wmi19bn0o6+VeNDne1HPx9xbqfze2/qEaCcNESYdUnauMbtW1jAnD1uNtZ
-  2F/4F5tqG84dTKGijtWJg8nyefZCmaBeJZi2W639VlVOv5uY1KOLrGW0cM0o8JKk
-  WcHj/BVCcYGJtwBKbWIuNZLRsV7UGLSFKPPjT5GoXk7WqMUvu+pTabVpj7bwyRU+
-  a6VzzftJOQBO4kMriNBUC1t3aQfjWjma668WCji9PN6v
-  -----END CERTIFICATE-----
+/cdap/${env}/common/nonsensitive/artifactory/url: https://artifactory.cloud.cms.gov/artifactory
+/cdap/${env}/common/nonsensitive/artifactory/user: ab2d-bcda-dpc-plt
+/cdap/${env}/common/nonsensitive/security-events/renotify-after-days: 30
+/cdap/${env}/common/nonsensitive/security-events/severity-list: CRITICAL,HIGH,MEDIUM
+/cdap/${env}/common/nonsensitive/sonarqube/url: https://sonarqube.cloud.cms.gov
+/cdap/${env}/common/sensitive/artifactory/password: ENC[AES256_GCM,data:O87T1Y7qQNbEytR3pG1K7pHVX8F7OEz2CZ+0Uo/E2E1XNb6PSs9iAVnROC9Mio3uv9KRNHdWxt6wytfcil0JyA==,iv:lOneSA9kmP6ycjsXDb1PTBwTEmw0+svXk1ksQ5kP8oQ=,tag:tdAqOs6oTvgCg9DPsf/g1Q==,type:str]
+/cdap/${env}/common/sensitive/security-events/webhook-url: ENC[AES256_GCM,data:SawGrnZegQH9JCd4XLRqDJeU3yI9pt7eSjOyax7uIOl1PyJEHD1LahaaRipVsEC5y+FRftxkKax1WqjSo20vK19HhrlwPhN8T6PV/GyFVg==,iv:mRI+bXCQXKITQaiuC4EkNGUUuV4q7Ogg9xsZZs6PW6s=,tag:HP1C4OWLbwID9ckgsOFX/A==,type:str]
+/cdap/${env}/common/sensitive/sonarqube/token: ENC[AES256_GCM,data:eZucMWrzVWvl2q9cwCRXQfv809VF+ZTSFPthaTAX6yuZxrkmNkLqkKtiWCM=,iv:KQnKCOfRf4nfmhT4qrhUuFlmZqrC2DuhXSgVaxuYf4c=,tag:3q328+okWudtm6/7LTiSGQ==,type:str]
 sops:
   kms:
     - arn: arn:aws:kms:us-east-1:${ACCOUNT_ID}:alias/cdap-prod
diff --git a/terraform/services/config/values/test.sopsw.yaml b/terraform/services/config/values/test.sopsw.yaml
index c431b0b4..87fdefee 100644
--- a/terraform/services/config/values/test.sopsw.yaml
+++ b/terraform/services/config/values/test.sopsw.yaml
@@ -1,12 +1,4 @@
-/cdap/${env}/common/nonsensitive/artifactory/url: https://artifactory.cloud.cms.gov/artifactory
-/cdap/${env}/common/nonsensitive/artifactory/user: ab2d-bcda-dpc-plt
-/cdap/${env}/common/nonsensitive/security-events/renotify-after-days: 30
-/cdap/${env}/common/nonsensitive/security-events/severity-list: CRITICAL,HIGH,MEDIUM
-/cdap/${env}/common/nonsensitive/sonarqube/url: https://sonarqube.cloud.cms.gov
-/cdap/${env}/common/sensitive/artifactory/password: ENC[AES256_GCM,data:nscDKdf+wuKMJ+gFpUIDb0zZbdBvsk3qYFey0/wbMw345ARL3u8vq2/YqUTnWAm1fYqieKOzq/yJYvM43CIZCg==,iv:XgWvwq94ShSpJwU659XXX/6bLv77oCECiza9FDJau+o=,tag:2afCpXFqv905cIQ0sRQIFg==,type:str]
-/cdap/${env}/common/sensitive/security-events/webhook-url: ENC[AES256_GCM,data:Vgp2HifAdY+8wNPltsPt9wZkVDd/YOvGLvzA5wU3Bn4XbEUwTDzJavSLNbTEZwYzGol6tryZBgk8hhP+HxyHNbB0xmJdo783ZZlou9rOQA==,iv:sMxWjUaXd4jfsE6U+cj9ft+8g7sBwVLI9g+1TiwS1eA=,tag:H6YaBowY//nIeppO7pTOQw==,type:str]
-/cdap/${env}/common/sensitive/sonarqube/token: ENC[AES256_GCM,data:YBillFWDRXEQqW3dTofMyf55zA6Xy3nJFhGF0L9al19GhdsS9xto8Qzq5Yg=,iv:XNUY9Q5PBFxnNYF/nOlMkeBvSHUcTbDNA1dD5xilgXg=,tag:+mR1nXu5rfqKK5/Y5bhLhA==,type:str]
-/cdap/${env}/common/nonsensitive/bfd-server/mtls_certificate: |
+/bfd/${test}/mtls/nonsensitive/public.p12.b64: |
   -----BEGIN CERTIFICATE-----
   MIIFLDCCAxSgAwIBAgIIOB/waE+MjNowDQYJKoZIhvcNAQEMBQAwJzElMCMGA1UE
   AxMcdGVzdC5maGlyLmJmZC5jbXNjbG91ZC5sb2NhbDAeFw0yNTA1MjExOTQwNDha
@@ -37,6 +29,14 @@
   LgtvQosnDqfawNHFTwJ4Dc5Od+KGbFVfUZmy8+sTLOFvPl5PHAAe+d6CvdU91V8D
   +V4U8pQYig4O/L6oZ2D7h3muHmxUF0wmqfkS2qvkqGg=
   -----END CERTIFICATE-----
+/cdap/${env}/common/nonsensitive/artifactory/url: https://artifactory.cloud.cms.gov/artifactory
+/cdap/${env}/common/nonsensitive/artifactory/user: ab2d-bcda-dpc-plt
+/cdap/${env}/common/nonsensitive/security-events/renotify-after-days: 30
+/cdap/${env}/common/nonsensitive/security-events/severity-list: CRITICAL,HIGH,MEDIUM
+/cdap/${env}/common/nonsensitive/sonarqube/url: https://sonarqube.cloud.cms.gov
+/cdap/${env}/common/sensitive/artifactory/password: ENC[AES256_GCM,data:nscDKdf+wuKMJ+gFpUIDb0zZbdBvsk3qYFey0/wbMw345ARL3u8vq2/YqUTnWAm1fYqieKOzq/yJYvM43CIZCg==,iv:XgWvwq94ShSpJwU659XXX/6bLv77oCECiza9FDJau+o=,tag:2afCpXFqv905cIQ0sRQIFg==,type:str]
+/cdap/${env}/common/sensitive/security-events/webhook-url: ENC[AES256_GCM,data:Vgp2HifAdY+8wNPltsPt9wZkVDd/YOvGLvzA5wU3Bn4XbEUwTDzJavSLNbTEZwYzGol6tryZBgk8hhP+HxyHNbB0xmJdo783ZZlou9rOQA==,iv:sMxWjUaXd4jfsE6U+cj9ft+8g7sBwVLI9g+1TiwS1eA=,tag:H6YaBowY//nIeppO7pTOQw==,type:str]
+/cdap/${env}/common/sensitive/sonarqube/token: ENC[AES256_GCM,data:YBillFWDRXEQqW3dTofMyf55zA6Xy3nJFhGF0L9al19GhdsS9xto8Qzq5Yg=,iv:XNUY9Q5PBFxnNYF/nOlMkeBvSHUcTbDNA1dD5xilgXg=,tag:+mR1nXu5rfqKK5/Y5bhLhA==,type:str]
 sops:
   kms:
     - arn: arn:aws:kms:us-east-1:${ACCOUNT_ID}:alias/cdap-test

From ecc6a5ec42cc943cd20e558c20760a53af6c2c20 Mon Sep 17 00:00:00 2001
From: juliareynolds-nava <juliareynolds@navapbc.com>
Date: Fri, 16 Jan 2026 07:53:04 -0700
Subject: [PATCH 4/4] renamed variable

---
 terraform/services/config/values/test.sopsw.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/services/config/values/test.sopsw.yaml b/terraform/services/config/values/test.sopsw.yaml
index 87fdefee..f78b7f2b 100644
--- a/terraform/services/config/values/test.sopsw.yaml
+++ b/terraform/services/config/values/test.sopsw.yaml
@@ -1,4 +1,4 @@
-/bfd/${test}/mtls/nonsensitive/public.p12.b64: |
+/bfd/${env}/mtls/nonsensitive/public.p12.b64: |
   -----BEGIN CERTIFICATE-----
   MIIFLDCCAxSgAwIBAgIIOB/waE+MjNowDQYJKoZIhvcNAQEMBQAwJzElMCMGA1UE
   AxMcdGVzdC5maGlyLmJmZC5jbXNjbG91ZC5sb2NhbDAeFw0yNTA1MjExOTQwNDha