This document provides information on how to create a dynamic provisioning profile on Cloud IAM. Dynamic provisioning is an essential feature for rotating and provisioning new secrets. Through this feature, you can define a profile for how these secrets should be created.
Create a dynamic provisioning profile
To create a dynamic provisioning profile for Cloud IAM, follow these steps:
1. In Segura®, in the navigation bar, hover over the Product Menu and select Cloud IAM.
2. In the side menu, select Identity Management > Dynamic Provisioning and click Profiles.
3. In the top right corner, click Add.
4. Select the account where you want to create the dynamic provisioning profile. The accounts displayed are those registered in Segura®. For more information, see How to add an account.
5. In the Settings tab, fill in the information:
   - In the Identify* field, enter a name for the profile.
   - In the Account* field, check that the field is filled with the account chosen in step 4.
   - In the Active* field, select whether to activate or deactivate the profile.
6. In the Providers section, fill in the information:
   - (Optional): In the Description field, enter a description for the account.
7. Navigate to the tab for the account provider you chose in step 4 and fill in the fields.
8. Click Continue.
9. In the Review tab, review all information entered previously, and click Save.
Create a profile in an AWS account
To create a dynamic provisioning profile in an AWS account, follow these steps:
1. In Segura®, in the navigation bar, hover over the Product Menu and select Cloud IAM.
2. In the side menu, select Identity Management > Dynamic Provisioning and click Profiles.
3. In the top right corner, click Add.
4. Select an AWS account.
5. Navigate to the AWS tab.
6. In the Policies section, select the policies that this user should have in the account. AWS allows up to 10 policies per user.
7. In the Default TTL section, verify the profile's time to live. This value is automatically set by the provider.
8. Click Continue until you get to the Review tab.
9. In the Review tab, review all information entered previously, and click Save.
Create a profile in a Google Cloud account
To create a dynamic provisioning profile in a Google Cloud account, follow these steps:
1. In Segura®, in the navigation bar, hover over the Product Menu and select Cloud IAM.
2. In the side menu, select Identity Management > Dynamic Provisioning and click Profiles.
3. In the top right corner, click Add.
4. Select a Google Cloud account.
5. Navigate to the Google Cloud tab.
6. In the Project field, select the project where you want to create a profile.
7. In the Organization Roles section, select which roles (permission groups), accounts, and organizations the profile should have.
8. In the Project Roles section, select which roles (permission groups), accounts, and projects the profile should have.
9. In the Default TTL section, verify the profile's time to live. This value is automatically set by the provider.
10. Click Continue until you get to the Review tab.
11. In the Review tab, review all information entered previously, and click Save.
Enable dynamic provisioning profile
To enable a dynamic provisioning profile, follow these steps:
1. In Segura®, in the navigation bar, hover over the Product Menu and select DevOps Secret Manager.
2. In the side menu, select Application Management > Applications.
3. In the top right corner, click Add.
4. Add or edit an application.
5. On the Automatic Provisioning tab, add the desired provisioning profile.
6. Click Continue until you get to the Review tab.
7. In the Review tab, review all information entered previously, and click Save.