
Applies to: Kyvos Enterprise    Kyvos Cloud (Managed Services on AWS)     Kyvos Azure Marketplace

Kyvos AWS Marketplace    Kyvos Single Node Installation (Kyvos SNI)     Kyvos Free ( Limited offering for AWS)


Creating a secret

Creating a secret requires the Secret Manager Admin role (roles/secretmanager.admin) to be assigned to the user creating the secret on the project.

A secret can be created in Secret Manager using the GCP Console or the gcloud command.

To create a secret, perform the following steps.

Permissions for Accessing Secret Manager

To grant access to Secret Manager, a role must be attached to the Kyvos service account that is attached to the Kyvos components.

Steps to create role for Secret Manager:

  1. Click Roles > Create new role. Provide a name like secret-manager-role for storage service and assign the following permissions.
    • versions.access
    • versions.add
  2. Go to IAM & Admin > IAM. Search for the service account that was created for Kyvos.
  3. Click Edit Principal.
  4. Click Add another role. Select the secret-manager-role (created in Step 1).
  5. Click Add condition.
  6. Enter the Title as Secret Manager permission, and add conditions as:
    1. Adding the first condition
      1. Select the Condition Type as Resource > Name.
      2. Select the Operator as Starts with.
      3. In the Value field, enter the Resource ID of the secret captured in the Creating a secret section.
    2. Adding the second condition
      1. Click Add to add another condition.
      2. Select the Condition Type as Resource > Service.
      3. Select the Operator as is.
      4. In Resource Service, select the secretmanager.googleapis.com service. To know more about this service, refer to Google Documentation.
    3. Click Save.
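
The condition from steps 5 and 6, written out as the conditional binding it adds to the IAM policy and checked against sample resource names. This is an added example, not Kyvos code: the project, secret name, role ID and service account are constructed, the two conditions are assumed to be joined with AND, and the matcher is a local model of the two clauses rather than the IAM engine.

```python
import json

SERVICE = "secretmanager.googleapis.com"

def build_condition(secret_resource_id, title="Secret Manager permission"):
    """CEL expression for the two conditions: name prefix AND service."""
    expression = (f'resource.name.startsWith("{secret_resource_id}") && '
                  f'resource.service == "{SERVICE}"')
    return {"title": title, "expression": expression}

def build_binding(role, service_account, secret_resource_id):
    """Conditional role binding in IAM policy JSON form."""
    return {"role": role,
            "members": [f"serviceAccount:{service_account}"],
            "condition": build_condition(secret_resource_id)}

def condition_matches(secret_resource_id, resource_name, resource_service):
    """Local model: 'Starts with' is a plain string prefix test."""
    return (resource_name.startswith(secret_resource_id)
            and resource_service == SERVICE)

# Constructed sample values (not from the page).
SECRET = "projects/123456789012/secrets/kyvos-secret"
ROLE = "projects/example-project/roles/secret_manager_role"
ACCOUNT = "kyvos-sa@example-project.iam.gserviceaccount.com"
SAMPLES = [
    (SECRET, SERVICE),                           # the secret (versions.add)
    (SECRET + "/versions/1", SERVICE),           # a version (versions.access)
    (SECRET + "-staging/versions/1", SERVICE),   # sibling sharing the prefix
    ("projects/123456789012/secrets/other/versions/1", SERVICE),
    (SECRET, "storage.googleapis.com"),          # wrong service
]

def evaluate_samples():
    return [condition_matches(SECRET, name, svc) for name, svc in SAMPLES]

if __name__ == "__main__":
    print(json.dumps(build_binding(ROLE, ACCOUNT, SECRET), indent=2))
    for (name, svc), allowed in zip(SAMPLES, evaluate_samples()):
        print(f"{'match   ' if allowed else 'no match'}  {svc}  {name}")
```

The third sample shows that a prefix condition also covers any other secret whose name begins with the same string, so choose a secret name that no other secret in the project extends.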