How to create a dynamic provisioning profile

  • 3 minute(s) read
Prev Next

This document provides information on how to create a dynamic provisioning profile on Cloud IAM. Dynamic provisioning is an essential feature for rotating and provisioning new secrets. Through this feature, you can define a profile for how these secrets should be created.

Create a dynamic provisioning profile

To create a dynamic provisioning profile for Cloud IAM, see the following steps:

  1. In Segura, in the navigation bar, hover over the Product Menu and select Cloud IAM.
  2. In the side menu, select Identity Management > Dynamic Provisioning and click Profiles.
  3. In the top right corner, click Add.
  4. Select the account where you want to create the dynamic provisioning profile. Accounts will be displayed according to the accounts registered in Segura. More information in How to add an account.
  5. In the Settings tab, fill in the information:
    1. In the Identify* field, enter a name for the profile.
    2. In the Account* field, check that the field is filled with the account chosen in step 4.
    3. In the Active* field, select to activate or deactivate the profile.
  6. In the Providers section, fill in the information:
    1. (Optional): In the Description field, enter a description for the account.
  7. Navigate to the tab for the account provider you chose in step 4. and fill in the fields.
  8. Click on Continue.
  9. In the Review tab, review all information enter previously, and click Save.

Create a profile in an AWS account

To create a dynamic provisioning profile in an AWS account, see the following steps:

  1. In Segura, in the navigation bar, hover over the Product Menu and select Cloud IAM.
  2. In the side menu, select Identity Management > Dynamic Provisioning and click Profiles.
  3. In the top right corner, click Add.
  4. Select an AWS account.
  5. Navigate to the AWS tab.
  6. In the Policies section, select the policies that this user should have in the account. AWS limits up to 10 policies per user.
  7. In the Default TTL section, verify the profile's time to live. This value is automatically set by the provider.
  8. Click Continue until you get to the Review tab.
  9. In the Review tab, review all information enter previously, and click Save.

Create a profile in a Google Cloud account

To create a dynamic provisioning profile in a Google Cloud account, see the following steps:

  1. In Segura, in the navigation bar, hover over the Product Menu and select Cloud IAM.
  2. In the side menu, select Identity Management > Dynamic Provisioning and click Profiles.
  3. In the top right corner, click Add.
  4. Select a Google Cloud account.
  5. Navigate to the Google Cloud tab.
  6. In the Project field, select the project where you want to create a profile.
  7. In the Organization Roles section, select which roles (permission groups), accounts, and organizations the profile should have.
  8. In the Project Roles section, select which roles (permission groups), accounts, and projects the profile should have.
  9. In the Default TTL section, verify the profile's time to live. This value is automatically set by the provider.
  10. Click Continue until you get to the Review tab.
  11. In the Review tab, review all information enter previously, and click Save.

Enable dynamic provisioning profile

To enable a dynamic provisioning profile, see the following steps:

  1. In Segura, in the navigation bar, hover over the Product Menu and select DevOps Secret Manager.
  2. In the side menu, select Application Management > Applications.
  3. In the top right corner, click Add.
  4. Add or edit an application.
  5. On the Automatic Provisioning tab, add the desired provisioning profile.
  6. Click Continue until you get to the Review tab.
  7. In the Review tab, review all information enter previously, and click Save.

Do you still have questions? Reach out to the Segura Community.