
Creating Secret for Google Cloud Platform Cluster

Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI)


Creating a secret

Creating a secret requires the Secret Manager Admin role (roles/secretmanager.admin) to be assigned, on the project, to the user who creates the secret.

A secret can be created using the GCP Console or the gcloud command.

To create a secret, perform the following steps.

Permissions for Accessing Secret Manager

Assigning the appropriate permissions to access Secret Manager requires a role to be attached to the Kyvos service account that is attached to the Kyvos components.

Steps to create a role for Secret Manager:

  1. Click Roles > Create new role. Provide a name such as secret-manager-role and assign the following permissions.

    • versions.access

    • versions.add

  2. Go to IAM & Admin > IAM. Search for the service account that was created for Kyvos.

  3. Click Edit Principal.

  4. Click Add another role. Select the secret-manager-role (created in Step 1).

  5. Click Add condition.

  6. Enter the Title as Secret Manager permission, and add conditions as:

    1. Adding the first condition

      1. Select the Condition Type as Resource > Name.

      2. Select the Operator as Starts with.

      3. In the Value field, enter the Resource ID of the secret captured in the Creating a secret section.

    2. Adding the second condition

      1. Click Add to add another condition.

      2. Select the Condition Type as Resource > Service.

      3. Select the Operator as is.

      4. In Resource Service, select the secretmanager.googleapis.com service. To know more about this service, refer to the Google documentation.

    3. Click Save.
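The following script is an added example (not part of the Kyvos documentation or product) that performs the same procedure with the gcloud CLI: it creates the secret, creates the custom role with only the two permissions listed above, and binds that role to the Kyvos service account with the two conditions from Step 6 combined into a single IAM condition expression. PROJECT_ID, PROJECT_NUMBER, SA_EMAIL and SECRET_ID are placeholders, and the resource-name format used in the condition (projects/PROJECT_NUMBER/secrets/SECRET_ID) is an assumption about how Secret Manager resources appear in IAM conditions; substitute the Resource ID you captured when creating the secret. By default the script only prints the commands (DRY_RUN=1) so it can be reviewed before execution.

```shell
#!/bin/sh
# Added example: gcloud equivalent of the console steps on this page.
# All four values below are placeholders, not values taken from the page.
PROJECT_ID="${PROJECT_ID:-my-kyvos-project}"
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"
SA_EMAIL="${SA_EMAIL:-kyvos-sa@my-kyvos-project.iam.gserviceaccount.com}"
SECRET_ID="${SECRET_ID:-kyvos-db-password}"
# Custom role IDs may contain letters, digits, '.' and '_' only, so the
# console name "secret-manager-role" becomes this ID on the CLI.
ROLE_ID="secret_manager_role"

# DRY_RUN=1 (default) prints each gcloud command instead of running it so the
# script can be reviewed offline; DRY_RUN=0 executes the commands.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# "Creating a secret": create the secret container, then add its first version.
# The payload is read from stdin (--data-file=-) so the value never appears in
# the command line, shell history or process listings.
create_secret() {
  run gcloud secrets create "$SECRET_ID" --project="$PROJECT_ID" \
    --replication-policy=automatic
  run gcloud secrets versions add "$SECRET_ID" --project="$PROJECT_ID" \
    --data-file=-
}

# Step 1: a custom role carrying only the two permissions the page lists
# (the console shows them as versions.access and versions.add).
create_role() {
  run gcloud iam roles create "$ROLE_ID" --project="$PROJECT_ID" \
    --title="secret-manager-role" \
    --permissions=secretmanager.versions.access,secretmanager.versions.add
}

# Step 6: both conditions (Resource > Name starts with ..., Resource > Service is
# secretmanager.googleapis.com) as one CEL expression; a binding holds a single
# condition, and the console ANDs its rows the same way.
secret_condition() {
  printf 'resource.name.startsWith("projects/%s/secrets/%s") && resource.service == "secretmanager.googleapis.com"' \
    "$PROJECT_NUMBER" "$SECRET_ID"
}

# Steps 2-6: bind the custom role to the Kyvos service account, scoped by the condition.
bind_role() {
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:$SA_EMAIL" \
    --role="projects/$PROJECT_ID/roles/$ROLE_ID" \
    --condition="expression=$(secret_condition),title=Secret Manager permission"
}

# Check: impersonate the service account and read the secret it was granted.
# Success confirms the binding; a permission error on any other secret confirms
# the condition is scoping access as intended.
verify_access() {
  run gcloud secrets versions access latest --secret="$SECRET_ID" \
    --project="$PROJECT_ID" --impersonate-service-account="$SA_EMAIL"
}

create_secret
create_role
bind_role
verify_access
```

Run it once as-is to review the generated commands, then with DRY_RUN=0 and the secret value on stdin (for example, `DRY_RUN=0 sh create-kyvos-secret.sh < secret.txt`) to apply them. Because the binding is conditional, the service account gets versions.access and versions.add on the named secret only, not on every secret in the project.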

Copyright Kyvos, Inc. All rights reserved.