
Secrets

Secrets consumed directly by apps (for both development and production) are stored in AWS Secrets Manager.

Secrets consumed by humans (cloud logins) are stored in 1Password.

AWS Secrets Manager

Granting Access

info

Human users can be granted access to AWS either via IAM users (the older mechanism, which AWS now recommends only for machine/workload identities, and even there prefers IAM roles with temporary credentials over long-lived access keys) or via IAM Identity Center (the newer, AWS-recommended system for human users).

IAM Identity Center

  1. In the AWS console, go to IAM Identity Center.

  2. Create a new User. (Prefer creating a Group, assigning a permission set to the group, and adding the user to it, rather than attaching permissions to individual users; this keeps access reviews and offboarding to a single group membership change.)
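The permission set attached to such a group should grant the narrowest Secrets Manager access that the team actually needs. The policy below is an added example, not part of the original page or of the project's own configuration; the region, account ID (123456789012) and secret name prefix (example-app/prod/db) are placeholders. Note the trailing `-*` on the resource ARN: Secrets Manager appends a random six-character suffix to every secret's ARN, so a literal name without the wildcard never matches.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOneAppSecret",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-app/prod/db-*"
    },
    {
      "Sid": "ListSecretNamesForConsole",
      "Effect": "Allow",
      "Action": "secretsmanager:ListSecrets",
      "Resource": "*"
    }
  ]
}
```

`ListSecrets` returns only names and metadata, never values, so it is safe to allow broadly for console navigation while `GetSecretValue` stays scoped to the one prefix. If a secret is encrypted with a customer-managed KMS key rather than the default `aws/secretsmanager` key, the same principal also needs `kms:Decrypt` on that key, or reads will fail with an access-denied error that mentions KMS rather than Secrets Manager.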

LEGACY - Azure Key Vault

info

Azure Key Vault is deprecated; secrets are now stored in AWS Secrets Manager.

Granting Access

Create a User

  1. In the Azure Portal, go to Microsoft Entra ID.

  2. Expand Manage -> Users

  3. Click on New user and either (recommended) create an internal user or invite an external one.

  4. Add the user to the relevant group to grant them the relevant permissions.

(Deprecated) Grant Secret Reader Roles

info

This is now deprecated in favor of adding roles to groups, and users to groups.

  1. Navigate to the vault you want to grant access to (e.g. glhf-key-vault).

  2. Click on Access control (IAM) -> Add role assignment.

  3. Grant the user the Key Vault Secrets User role (read access to secret values only; no keys, certificates, or vault management rights).

  4. If the vault still uses the vault access policy permission model rather than Azure RBAC, click on Access policies. (A vault configured for Azure RBAC ignores access policies, and the role assignment in step 3 is sufficient.)

  5. Click Create and grant the user permissions from a template.

1Password

Granting Access

Invite a User

  1. Go to 1Password -> People.

  2. Click Invite People

Grant Access

  1. Go to 1Password -> People.

  2. Click on the user you wish to edit.

  3. Click Manage next to Vaults and grant access to a vault.