Adding a Vault certificate to the Deploy secret store

You can add Vault certificates to the IBM DevOps Deploy (Deploy) secret store to authenticate with a Vault-defined SSL/TLS client certificate.

  • You must have completed the following tasks:
    • Installed the Vault server and obtained the server address.
    • Ensured that an SSL/TLS client certificate is available in the PEM format.
  • You must have the following permissions:
    • Create, view, and edit secret store permissions to create a secret store.
    • Create, view, and edit Vault Certificate permissions to manage the certificates of a secret store.
  1. Click Create Vault Secret Store.
  2. Create a secret store in the Manage Vault Secret Store window and provide the following details:
    Parameter | Description
    Name | Identifies the Vault secret store name. Note: Characters other than a-z, A-Z, 0-9, and - are not allowed.
    Description | Conveys more information about the Vault.
    Teams | Grants specific teams access to the Vault secret store.
    URL | Indicates the Vault server address.
  3. Save your changes.
    The secret store is listed on the Secret Stores page.
  4. Add a certificate to the secret store.
    1. Click the secret store to which you want to add the certificate.
    2. Click Certificates.
    3. Click Create Vault Certificate.

      The Manage Vault Certificate window is displayed.

    4. In the Manage Vault Certificate window, provide the following details:
      Parameter | Description
      Name | Identifies the Vault certificate name. The certificate name must match the name in the Vault server.
      Certificate | Copy the certificate in PEM format.
      Private Key | Enter the private key in PEM format.
      Teams | Grants specific teams access to the certificate.
    5. Save your changes.

      The certificate is added to the Certificates page.

You have added the certificate to the Deploy secret store.
You can test the integration. See Testing Vault certificate integration.
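
A pre-flight check to run before pasting PEM text into the Certificate and Private Key fields of the Manage Vault Certificate window. This is an added example, not part of the product documentation: it assumes the `openssl` CLI is installed, and the function name `check_vault_client_cert` and the file names in the usage line are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the Certificate and Private Key fields.

# check_vault_client_cert CERT_FILE KEY_FILE
# Return codes: 0 ok, 1 cert not PEM, 2 key not PEM, 3 cert unparsable,
# 4 key unparsable or passphrase-protected, 5 key/cert mismatch, 6 expired.
check_vault_client_cert() {
  local cert="$1" key="$2" cert_pub key_pub

  # Both fields take PEM text, so the armor headers must be present.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" \
    || { echo "certificate is not in PEM format" >&2; return 1; }
  grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" \
    || { echo "private key is not in PEM format" >&2; return 2; }

  # Extract the public key from each file (SubjectPublicKeyInfo, PEM).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
    || { echo "certificate does not parse as X.509" >&2; return 3; }
  # -passin pass: supplies an empty passphrase so openssl never prompts;
  # an encrypted key therefore fails here instead of hanging.
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
    || { echo "private key does not parse (or is encrypted)" >&2; return 4; }

  # A key that does not belong to the certificate cannot complete
  # TLS client authentication.
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "private key does not match certificate" >&2; return 5; }

  # -checkend 0 fails when the notAfter date has already passed.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
    || { echo "certificate has expired" >&2; return 6; }

  # Print subject and expiry so the operator can confirm the right file.
  openssl x509 -in "$cert" -noout -subject -enddate
}

# Usage: ./check.sh client.pem client-key.pem   (file names are assumptions)
if [ "$#" -eq 2 ]; then
  check_vault_client_cert "$1" "$2" && echo "OK: certificate and key are consistent"
fi
```

Handle the key file with restrictive permissions (for example `chmod 600`) and remove local copies once the certificate is stored in Deploy.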