

A way to share secrets in your pipeline - Hashidays 2018

  • 1. VAULT. HashiDays Amsterdam, June 25-27
  • 3. RENAULT PRESENTATION. Renault and Nissan have been strategic partners since 1999, forming a one-of-a-kind alliance in the automotive world. Arsonneau Julien, DevOps Engineer
  • 4. D2SI ACADEMY. EXPERIMENT, THEORY, SOCIAL AND ME. MEHDI LARUELLE
  • 6. CONTEXT
      # GLOBAL SOLUTIONS OF SECRETS
      # SECURITY: AppRole, Radius, LDAP
      # MULTI ENVIRONMENT: Public Cloud / Private Cloud
      # FOR PIPELINE: GitLab, Jenkins
      # APP WITH CONTAINER: ECS, Swarm
      # DEVOPS SECRETS: Unboarding / terraform
  • 9. PROJECT LIFE CYCLE: PROVISIONING, TOOLS UPDATE, HUMAN UPDATE, PIPELINE USE
  • 10. PROVISIONING: PIPELINE ACTORS
      - OPERATOR: Radius authentication; policy to create or update secrets
      - ORCHESTRATOR: token authentication; policy to create only Secret ID for specific project
      - PROJECT: AppRole authentication (Role ID, Secret ID, token); policy by project environment (dev, prod)
  • 11. PROVISIONING: POLICIES & ROLE ID
      - Actors: PROJECT, OPERATOR, ORCHESTRATOR
      - 3. Adjust the policies & path for Project need
      - 5. Terraform plan & apply inside CI/CD
  • 12. PROVISIONING: PROJECT POLICY FOR DEV
      /secret
      /secret/projects
      /secret/projects/coachdevops
      /secret/projects/coachdevops/dev
      /secret/projects/coachdevops/dev/keys/*
      /secret/projects/coachdevops/dev/db/adm
      /secret/projects/coachdevops/dev/db/rw
      /secret/projects/coachdevops/dev/db/r
      /secret/projects/coachdevops/dev/keys
      /secret/projects/coachdevops/dev/db
      /secret/projects/coachdevops/dev/idp
  • 13. PROVISIONING. Terraform.tfvars, Variables.tf. Step 5: Plan and apply Terraform files in CI/CD
  • 14. TOOLS UPDATE. Specific policy to create or update. AppRole. Call script. Tools
  • 15. HUMAN UPDATE. UI. Product owner, DBA, Storage admin, etc. Radius/LDAP
  • 16. HUMAN UPDATE: DEMONSTRATION. By UI / By script
      /secret
      /secret/projects
      /secret/projects/coachdevops
      /secret/projects/coachdevops/dev
      /secret/projects/coachdevops/dev/keys/*
      /secret/projects/coachdevops/dev/db/adm
      /secret/projects/coachdevops/dev/db/rw
      /secret/projects/coachdevops/dev/db/r
      /secret/projects/coachdevops/dev/keys
      /secret/projects/coachdevops/dev/db
      /secret/projects/coachdevops/dev/idp
      /secret/projects/coachdevops/dev/key
  • 17. APP ROLE DEFINITION (actors: ADMIN, APP)
      1. Create policy and role for apps
      2. Get Role ID
      3. Generate a new Secret ID
      4. Deliver Role ID
      5. Deliver Secret ID
      7. Return a token
  • 18. TRANSITION. Wrap with RoleId + Role Name. Define variables on CI tools
  • 19. Pipeline use (actors: PROJECT TEAM, CI / CD Pipeline, getSecretID)
      1. Launch Job / Pipeline
      2. Set Role Name
      3. Authenticate with Orchestrator Token
      4. Deliver Wrap with Secret ID
      5. Get Wrap
      6. Set Role ID, Set Secret ID
      7. Authenticate with Role ID + Secret ID
      8. Deliver Secrets
  • 20. DELIVERY OF GETSECRETID. CRONJOB OPS. AUTHENTICATE WITH OPS TOKEN OR APP ROLE. GENERATE ORCHESTRATOR TOKEN
  • 21. THANK YOU! HashiDays Amsterdam
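
The three actors on slide 10 and the path tree on slide 12 can be expressed as Vault policies along the following lines. This is an added example, not taken from the slides: the AppRole name `coachdevops-dev`, the policy file names, the KV version 1 mount at `secret/` and the wrapping TTL bounds are all assumptions.

```hcl
# operator.hcl (assumed name)
# Human operator, authenticated through Radius: may create or update
# secrets for the project. The slide names only create and update, so this
# example grants no read capability; the operator can write a value but
# cannot read it back.
path "secret/projects/coachdevops/*" {
  capabilities = ["create", "update"]
}

# orchestrator.hcl (assumed name)
# Attached to the orchestrator token used by the getSecretID step: it can
# only generate a Secret ID for one project's AppRole and has no access to
# any secret/ path.
path "auth/approle/role/coachdevops-dev/secret-id" {
  capabilities = ["create", "update"]

  # A non-zero minimum makes response wrapping mandatory on this path, so
  # the Secret ID is only ever delivered as a single-use wrapping token
  # (steps 4 and 5 on slide 19).
  min_wrapping_ttl = "1s"

  # Assumed upper bound: a wrap not consumed by the pipeline within two
  # minutes expires.
  max_wrapping_ttl = "120s"
}

# coachdevops-dev.hcl (assumed name)
# Policy bound to the dev AppRole: the token returned after the Role ID +
# Secret ID login reads only the dev subtree. Prod uses a separate AppRole
# and a separate policy on .../prod/*.
path "secret/projects/coachdevops/dev/*" {
  capabilities = ["read"]
}
```

If the wrapping token has already been unwrapped when the pipeline reaches step 5, the unwrap call fails, which is the signal that the Secret ID was intercepted and should be revoked.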

Editor's Notes

  1. 0,10
  2. 1’40 Julien 1’ 5 billion euros, 10,6 million, Alliance
  3. 3,10 Mehdi 1’30
  4. 6’10 Julien 3’
  5. 7’ Mehdi 1’
  6. 8’ Mehdi
  7. 11’ Mehdi 3’ 2 tokens for the projects (prod, non-prod)
  8. 14’ Mehdi 3’
  9. 16’ Mehdi 2’ Removed from the paths -> given to the projects -> graphical view
  10. 18’ Mehdi 2’
  11. 19’ Mehdi 1’
  12. 20’ Julien 1’
  13. 21’ Julien 1’
  14. 22’ Julien 1’
  15. 23’30 Julien 1’30
  16. 26’30 Julien 3’
  17. 28’30 Julien 2’