Token Verification Checklist
This checklist guides you through verifying your development environment is functioning correctly after updating your environment variables to use your own permanent token values for Bitbucket (coderepo), VA Nexus and MAP Sandbox (DTR) accounts.
Prerequisites
-
You have received your permanent user credentials for your VA Crowd (used for Jira, VA Nexus, Bitbucket and Confluence) and MAP Sandbox (used for accessing MAP Sandbox Jenkins and Nexus, a.k.a. DTR) accounts.
-
You have generated personal access tokens for Bitbucket, VA Nexus and MAP Sandbox DTR (see Creating Token Values).
It is highly recommended that you create token values that do not expire for your required VA accounts once you have your credentials. This will prevent you from having to update your environment variables if/when you have to change your account passwords. -
You have updated your environment variables (e.g., in
~/.zshrc) to use your own user/token values (see Environment Variable Configuration). -
You have sourced your shell configuration or restarted your terminal session.
Verification Steps
-
Reload Environment Variables
source ~/.zshrc -
Verify Environment Variable Values
echo $VA_NEXUS_USER # VA Nexus generated username (not your Crowd username) echo $VA_NEXUS_PWD # VA Nexus generated token value (not your Crowd password) echo $VA_BITBT_USER # Bitbucket username (your actual Crowd username) echo $VA_BITBT_PWD # Bitbucket generated token value (not your Crowd password) echo $DTR_USER # MAP Sandbox DTR generated username (not your Sandbox username) echo $DTR_PWD # MAP Sandbox DTR generated token value (not your Sandbox password) -
Test MAP Sandbox DTR Access
# Log out of any existing DTR sessions to ensure you are testing with the new credentials docker logout $DTR_URL echo $DTR_PWD | docker login $DTR_URL -u $DTR_USER --password-stdinExpected result: Login Succeeded
-
Test Bitbucket Access
git ls-remote https://coderepo.mobilehealth.va.gov/scm/ckm/common-app-config.gitExpected result: List of remote references (no authentication errors)
-
Test Maven and VA Nexus Access
From within any service directory that has been pulled (e.g.,
location-service), run the following command to verify Maven can access the local repository without authentication issues. This will also confirm that your VA Nexus access is working, since Maven will attempt to access the local repository and may need to authenticate with VA Nexus if dependencies are not already cached locally.mvn help:evaluate -Dexpression=settings.localRepositoryExpected result: Maven command completes successfully and outputs the local repository path
If you have pulled a new service that has not been built before, you can also run mvn clean install -Pwith-skaffoldto verify that dependencies can be pulled from VA Nexus without authentication issues. -
Check For Outdated Credentials In Your Keychain
Open Keychain Access and search for any entries with
va.govin them. Usually there will be one or more entries for coderepo (Bitbucket) that were created by your IDE or when you performed Git operations. If you find any entries with the credentials issued to you during onboarding, update them to use your username and token value or delete them and re-authenticate with Git to create new entries. -
Run Scripts To Find Onboarding Credentials
As a final check, run the following commands in your terminal to search for any instances of your onboarding credentials that may be stored in your Git config, Maven config, dot files, keychain, home directory or IntelliJ configs. This is not an exhaustive search but should help catch any commonly missed locations. If you find any instances of onboarding credentials, update them to use your username and token value or delete them and re-authenticate as needed. If you have any questions about any found instances, discuss with Onboarding leadership.
# Search Git config git config --global --list | grep -E "mccormickc|felch" grep -ER "mccormickc|felch" ~/.gitconfig # Search Maven config grep -ER "mccormickc|felch" ~/.m2/settings.xml # Search dot files grep -ER "mccormickc|felch" ~/.zshrc ~/.bashrc ~/.bash_profile ~/.netrc ~/.zprofile ~/.ready-check-env-config 2>/dev/null # Search keychain security find-generic-password -a mccormickc -g 2>&1 | grep "acct" security find-generic-password -a felch -g 2>&1 | grep "acct" security dump-keychain | grep -E "mccormickc|felch" # These next two are slow, the above commands are quick and will find most possible problems # Search home directory / slow running grep -ER "mccormickc|felch" ~ 2>/dev/null # Search IntelliJ configs / slow running grep -ER "mccormickc|felch" ~/Library/Preferences/IntelliJIdea* 2>/dev/null grep -ER "mccormickc|felch" ~/Library/Application\ Support/JetBrains/IntelliJIdea* 2>/dev/null -
Update Credentials For Development Tools
If you are using the Bitbucket IntelliJ plugin, Jira CLI or Jenkins CLI tools, be sure to update any stored credentials within those tools to use your new user and password/token values instead of the onboarding credentials. Check the following environment variables and follow the instructions for each tool to update them appropriately:
echo $JIRA_API_TOKEN echo $JENKINS_API_USER echo $JENKINS_API_TOKEN
Troubleshooting
If any step fails:
-
Double-check that your environment variables are set and exported correctly.
-
Ensure your token values are current and have not expired (if created with an expiration).
-
For Bitbucket, double-check for outdated credentials in your keychain and update as needed.
-
For Maven, verify your
settings.xmlis present and correctly configured. -
For OrbStack/Docker, ensure it is running and your credentials are correct.
Additional Notes
-
Ensure that your created tokens are not set to expire. If you have any issues with token expiration, you may need to generate new tokens and update your environment variables accordingly.
-
If you encounter persistent issues, consult the onboarding documentation or contact the onboarding team for assistance.