Adding Vault AppRoles to the Deploy secret store

You can add Vault AppRole users to the IBM DevOps Deploy (Deploy) secret store to authenticate users with a Vault-defined AppRole.

  • Ensure that you have installed the Vault server and obtained the server address.
  • You must have the following permissions:
    • Create, view, and edit secret store permissions to create a secret store.
    • Create, view, and edit Vault AppRole permissions to manage AppRoles of a secret store.
  1. Click Create Vault Secret Store.
  2. Create a secret store in the Manage Vault Secret Store window and provide the following details:
    Parameter    Description
    Name         Identifies the Vault secret store name.
                 Note: Characters other than a-z, A-Z, 0-9, and - are not allowed.
    Description  Conveys more information about the Vault.
    Teams        Allows specific teams to access the Vault secret store.
    URL          Indicates the Vault server address.
  3. Save your changes.
    The secret store is listed on the Secret Stores page.
  4. Add AppRole users to the secret store.
    1. Click the secret store to which you want to add the AppRole.
    2. Click App Roles.
    3. Click Create Vault AppRole.

      The Manage Vault AppRole window is displayed.

    4. In the Manage Vault AppRole window, enter the following AppRole details:
      Parameter   Description
      Name        Identifies the Vault AppRole name.
                  Note: Characters other than a-z, A-Z, 0-9, and - are not allowed.
      AppRole Id  Specifies the RoleID of the Vault AppRole.
      Secret Id   Specifies the SecretID of the Vault AppRole.
      Teams       Allows specific teams to access the AppRole.
    5. Save your changes.

      The AppRole is added to the Vault AppRoles page.

You have added AppRole users to the Deploy secret store.
You can test the integration. See Testing Vault AppRole integration.
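
Before you enter the values in the Manage Vault AppRole window, you can check the Name, URL, RoleID, and SecretID against the Vault server directly. The following Python sketch is an added example, not part of the Deploy product or its documentation. It assumes that the AppRole auth method is mounted at Vault's default path approle; the environment variable names VAULT_ROLE_ID and VAULT_SECRET_ID, the name deploy-approle, and the sample response are constructed for illustration.

```python
import json
import os
import re
import urllib.request

NAME_RE = re.compile(r"[A-Za-z0-9-]+")  # only characters the Name fields accept

def preflight(name, vault_url, role_id, secret_id):
    """Return a list of problems with the values before they go into the form."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: only a-z, A-Z, 0-9 and - are allowed")
    if not vault_url.startswith("https://"):
        problems.append("url: not https, the SecretID would cross the network in clear text")
    if not role_id.strip() or not secret_id.strip():
        problems.append("role_id/secret_id: must not be empty")
    return problems

def build_login_request(vault_url, role_id, secret_id, mount="approle"):
    """AppRole login call; mount 'approle' is Vault's default path (assumption)."""
    url = f"{vault_url.rstrip('/')}/v1/auth/{mount}/login"
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def summarize_login(response_body):
    """Report what the AppRole grants without ever returning the client token."""
    auth = json.loads(response_body)["auth"]
    return {"policies": sorted(auth["policies"]),
            "ttl_seconds": auth["lease_duration"],
            "renewable": auth["renewable"]}

def check_approle(vault_url, role_id, secret_id):
    """Log in once. Note: this consumes one use if the role sets secret_id_num_uses."""
    req = build_login_request(vault_url, role_id, secret_id)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return summarize_login(resp.read())

# Constructed sample of a successful login response (not captured from a real server).
SAMPLE_RESPONSE = json.dumps({"auth": {"client_token": "hvs.EXAMPLE", "policies":
    ["default", "deploy-read"], "lease_duration": 1200, "renewable": True}})

if __name__ == "__main__":
    # VAULT_ROLE_ID / VAULT_SECRET_ID are variable names chosen for this example.
    args = [os.environ.get(k, "") for k in ("VAULT_ADDR", "VAULT_ROLE_ID", "VAULT_SECRET_ID")]
    issues = preflight("deploy-approle", *args)
    print(issues if issues else check_approle(*args))
```

The summary lists the policies and token lifetime that the AppRole receives, which shows whether the role is scoped as narrowly as intended before Deploy starts using it.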