Cloud Credentials

Objective

This guide provides instructions on how to create cloud API credentials using the guided wizards in VoltConsole. For more information on VoltConsole, refer to the concepts documentation.

Cloud credentials are used to access services provided by AWS, Azure, and GCP to create, read, update, or delete objects needed to deploy and manage your applications in public cloud environments via Volterra automation.


Prerequisites

Note: If you do not have an account, see Create a Volterra Account.

  • Public cloud account with credentials, tenant definitions and certificates already created.

Configuration

Add Cloud Credentials

Perform the following steps:

Step 1: Log into the VoltConsole and start Cloud Credentials object creation.

Select Manage from the configuration menu in the system tab. Select Site Management from the options. Click Cloud Credentials.

Figure: Create Cloud Credentials

Step 2: Start creating cloud credentials.

Click the Add Cloud Credentials button in the middle of the page (if this is your first entry) or the link at the top of the page, then type in a name for the credential you are creating. Optionally, you can add labels and a description to this entry.

Figure: Cloud Credentials Metadata

Step 3: Select cloud credential type.

Select a cloud credential type from the drop-down menu. There are options for AWS programmatic access credentials, Azure credential client certificate, Azure client secret for service principal, and GCP credentials.

Figure: Cloud Credential Types

Step 4: Configure credentials.

Steps for AWS Programmable Access Credentials
  • Retrieve the access key ID and secret you intend to use for accessing AWS API services from the IAM Dashboard of your AWS Management Console (AWS IAM Reference).
  • Enter the AWS Access Key ID that you retrieved from your AWS account.

Figure: Secret Access Key entry

  • Configure Secret Access Key by clicking on the Configure link below where you entered the Access Key ID.

Figure: Secret Access Key entry

  • Secret information can be one of two types, selected from the drop-down:

    • Blindfold Secret: Used for secrets managed by the Volterra Secret Management Service (recommended, as this service provides a high level of security).
    • Clear Secret: Used for secrets that are not encrypted.
  • Policy information can be one of two types, selected from the drop-down:

    • Built-in: Provides a list of generic policies provided by Volterra.
    • Custom: Provides a list of user-defined policies which have been defined under System > Security > Secrets.
  • Type is the text or blindfold value of the AWS Secret Key. Enter the text value and click on the Blindfold button to generate the blindfold key based on the AWS Secret Key.

Figure: Secret Access Key entry result after entering text and clicking on Blindfold (Click on Edit link to see this result)

Figure: Entries for Azure Client Certificate

  • Once the key has been generated or entered, click on the Save and Exit button to exit the wizard and save your AWS credentials for use with Volterra services.

Steps for Azure Credential Client Certificate for Service Principal
  • Retrieve your Client ID, Subscription ID, Tenant ID, Certificate and Certificate Password you intend to use for accessing Azure API services from your Azure Portal (Azure Key Vault Reference) (Azure Key Vault Quick Start)
  • Enter the Azure Client ID, Subscription ID and Tenant ID that you retrieved from your Azure account
  • Enter your Client Certificate in the following format:

    string:///<base64 encoded string of the certificate>

Figure: Entries for Azure Client Secret

  • Click on the Configure link to enter the Certificate Password you retrieved from the Azure Portal. Enter it in the same manner as the AWS Secret Access Key in Steps for AWS Programmable Access Credentials, using either the Clear Secret or Blindfold Secret option.
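
A common failure when building the string:/// certificate value described above is a base64 encoder that wraps its output across lines. The shell helpers below are an added example, not part of the Volterra documentation; the function names and the file name in the usage comment are hypothetical, and the certificate file is treated as opaque bytes.

```shell
#!/bin/sh
# Added example: build and check the "string:///<base64>" value the wizard
# expects for the Client Certificate field. All names here are hypothetical.

# encode_cert FILE -> prints string:///<single-line base64 of FILE>
encode_cert() {
    ec_file=$1
    [ -r "$ec_file" ] || { echo "cannot read: $ec_file" >&2; return 1; }
    [ -s "$ec_file" ] || { echo "empty file: $ec_file" >&2; return 1; }
    # GNU base64 wraps output at 76 columns by default; strip newlines so
    # the value is one unbroken line regardless of platform.
    printf 'string:///%s\n' "$(base64 < "$ec_file" | tr -d '\n')"
}

# verify_cert_value VALUE FILE -> succeeds only if VALUE has the expected
# prefix, is single-line base64, and decodes back to exactly FILE's bytes.
verify_cert_value() {
    vc_value=$1
    vc_file=$2
    case $vc_value in
        string:///*) vc_payload=${vc_value#string:///} ;;
        *) echo "missing string:/// prefix" >&2; return 1 ;;
    esac
    case $vc_payload in
        ''|*[!A-Za-z0-9+/=]*)
            echo "payload is not single-line base64" >&2; return 1 ;;
    esac
    printf '%s' "$vc_payload" | base64 -d | cmp -s - "$vc_file"
}

# Usage (hypothetical file name):
#   value=$(encode_cert ./sp-client-cert.pfx) &&
#       verify_cert_value "$value" ./sp-client-cert.pfx
```

The encoded value is only an encoding of the certificate file, not a protection for it, so handle it with the same care as the file itself.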

Steps for Azure Client Secret for Service Principal Credentials
  • Retrieve your Client ID, Subscription ID, Tenant ID and Client Secret you intend to use for accessing Azure API services from your Azure Portal (Azure Key Vault Reference) (Azure Key Vault Quick Start)
  • Enter the Azure Client ID, Subscription ID and Tenant ID that you retrieved from your Azure account

Figure: Entries for Azure Client Secret

  • Click on the Configure link to enter the Secret Key you retrieved from the Azure Portal. Enter it in the same manner as the AWS Secret Key in Steps for AWS Programmable Access Credentials, using either the Clear Secret or Blindfold Secret option.
  • Click Apply and then click Save and Exit to complete creating Azure credentials.

Steps for secret configuration for GCP Credentials
  • Retrieve the service account key for your project from GCP. For information on how to generate a service account key, see Creating and Managing Service Account Keys.
  • Select GCP Credentials for the Select Cloud Credential Type field. Click Configure.

Figure: GCP Credentials

  • Enter the service account key you retrieved from GCP. Enter it in the same manner as the AWS Secret Key in Steps for AWS Programmable Access Credentials, using either the Clear Secret or Blindfold Secret option.
  • Click Apply and then click Save and Exit to complete creating GCP cloud credentials.