Manage secrets using the simple lookup value provider
For secrets and password fields used with certain CIs, you can establish a simple lookup provider that is used to look up a value based on a lookup provider key that you specify. You can use the simple lookup provider to reference and resolve a key/value pair stored in XL Deploy (as opposed to an external secrets management tool such as HashiCorp Vault or CyberArk Conjur).
As with any security-related feature, controlling access to sensitive data needs to be managed as part of the integration. XL Deploy provides controls to limit access, ensuring that:
- Developers are authenticated and authorized to read secrets
- Role-based access to secrets is supported
- Policies are provided to control credentials and how they can be used
You can specify certain properties for a CI that should be looked up in an internal source. This is useful for sensitive data on CIs that are not part of a deployment package, such as hosts or cloud targets.
To support this, you can create a special CI type called a SimpleLookupValueProvider. Once this configuration is in place, you can select the SimpleLookupValueProvider and type a key/identifier for the value that you want to use.
To create a simple lookup provider:
- Hover over Configuration, click , and select New > lookup > SimpleLookupValueProvider.
- In the Name field, enter a name for the simple lookup provider.
- In the Entries field, type one or more secret paths to where key-value pairs are stored.
- In the Encrypted Entries field, type one or more secret paths to where encrypted key-value pairs are stored.
- Optionally, select Allow Encrypted For Non Password to allow encrypted entries for non-password properties.
- Click Save or Save and close.
After creating a simple lookup value provider, you can select it and choose a key when configuring properties for certain CIs. For example, if you want to store and resolve a password for a host CI:
- Hover over Infrastructure, click , and select New > overthere > SshHost.
- Complete the required fields for the CI.
- In the SU password field, click and select the SimpleLookupValueProvider you created in Create a simple lookup value provider.
- In the Lookup provider key field, type the name of the key for the corresponding value that is stored in the simple lookup value provider.
- Click Save or Save and close.