You can add Vault certificates to the IBM DevOps Deploy (Deploy) secret store to
authenticate with a Vault-defined SSL/TLS client certificate.
Before you begin
- You must have completed the following tasks:
  - Installed the Vault server and obtained the server address.
  - Ensured that an SSL/TLS client certificate is available in the PEM format.
- You must have the following permissions:
  - Create, view, and edit secret store permissions to create a secret store.
  - Create, view, and edit Vault Certificate permissions to manage the certificates of a secret store.
Procedure
- Click Create Vault Secret Store.
- Create a secret store in the Manage Vault Secret Store window and provide the following details:

  | Parameter | Description |
  |---|---|
  | Name | Identifies the Vault secret store name. Note: Characters other than a-z, A-Z, 0-9, and - are not allowed. |
  | Description | Conveys more information about the Vault. |
  | Teams | Grants specific teams access to the Vault secret store. |
  | URL | Indicates the Vault server address. |

- Save your changes.
  The secret store is listed on the Secret Stores page.
- Add a certificate to the secret store.
  - Click the secret store to which you want to add the certificate.
  - Click Certificates.
  - Click Create Vault Certificate.
    The Manage Vault Certificate window is displayed.
  - In the Manage Vault Certificate window, provide the following details:

    | Parameter | Description |
    |---|---|
    | Name | Identifies the Vault certificate name. The certificate name must match the name in the Vault server. |
    | Certificate | Copy the certificate in PEM format. |
    | Private Key | Enter the private key in PEM format. |
    | Teams | Grants specific teams access to the certificate. |

  - Save your changes.
    The certificate is added to the Certificates page.
Results
You have added the certificate to the Deploy secret store.
What to do next
You can test the integration. See Testing Vault certificate integration.
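
A pre-flight check for the values this procedure asks for (the secret store Name, the Certificate, and the Private Key), as an added example that is not part of the IBM documentation or the product. The function names and sample values are constructed for illustration, and rejecting encrypted keys is an assumption based on the form having no passphrase field.

```python
import base64
import re

NAME_RE = re.compile(r"[A-Za-z0-9-]+")  # characters the Name field allows
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)
# Assumption: the key is unencrypted, since the form has no passphrase field.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_blocks(text):
    """Return [(label, der)] for each PEM block whose body is valid base64."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # truncated or corrupted paste
            continue
        blocks.append((label, der))
    return blocks


def check_inputs(name, certificate, private_key):
    """Return a list of problems; an empty list means the values are well-formed."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: only a-z, A-Z, 0-9 and - are allowed")
    certs = pem_blocks(certificate)
    if not certs:
        problems.append("certificate: no well-formed PEM block")
    elif any(label in KEY_LABELS for label, _ in certs):
        problems.append("certificate: field contains a private key")
    elif any(label != "CERTIFICATE" or der[:1] != b"\x30" for label, der in certs):
        problems.append("certificate: block is not an X.509 certificate")
    keys = pem_blocks(private_key)
    if len(keys) != 1 or keys[0][0] not in KEY_LABELS or keys[0][1][:1] != b"\x30":
        problems.append("private key: expected exactly one unencrypted PEM key")
    return problems


def sample_pem(label, payload):
    """Constructed placeholder: DER-shaped bytes, not a real certificate or key."""
    der = b"\x30\x82\x01\x00" + payload * 64
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


CERT = sample_pem("CERTIFICATE", b"cert")
KEY = sample_pem("PRIVATE KEY", b"key!")
```

The check is structural only: it does not parse the certificate or confirm that the private key belongs to it.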