Secrets
Secrets consumed directly by apps (both for development and production) are stored in Azure Key Vault.
Secrets consumed by humans (cloud logins) are stored in 1Password.
Azure Key Vault
Granting Access
Create a User
-
In the Azure Portal, go to Microsoft Entra ID.
-
Expand Manage -> Users
-
Click on New user and either (recommended) create an internal user or invite an external one.
-
Add the user to the relevant group to grant them the relevant permissions.
(Deprecated) Grant Secret Reader Roles
This is now deprecated in favor of adding roles to groups, and users to groups.
-
Navigate to the vault you want to grant access to. (eg.
glhf-key-vault) -
Click on Access control (IAM) -> Add role assignment.
-
Grant the user access to Key Vault Secrets User
-
Click on Access policies
-
Click Create and grant the user permissions from a template.
1Password
Granting Access
Invite a User
-
Go to 1Password -> People.
-
Click Invite People
Grant Access
-
Go to 1Password -> People.
-
Click on the user you wish to edit.
-
Click Manage next to Vaults and grant access to a vault.