Create Client Credentials

Overview

A Client Credential is a machine-to-machine credential that the CLI uses to authenticate with CD-as-a-Service when you trigger deployments as part of an external automated workflow. You pass the credential through the clientID and clientSecret parameters.

Additionally, a Remote Network Agent uses a Client Credential for authentication when communicating with CD-as-a-Service.

Before you begin

• You are an Organization or Tenant Admin within CD-as-a-Service.
• You are familiar with tenants, users, and RBAC in CD-as-a-Service

Create a Client Credential

1. Access the CD-as-a-Service Console.
2. Go to the Configuration tab.
3. If you have more than one tenant, make sure you select the desired tenant in the User context menu.
4. In the left navigation menu, select Access Management > Client Credentials.
5. In the upper right corner, select New Credential.
6. Create a credential for your RNA. Use a descriptive name for the credential that matches what it is being used for. For example, name the credentials the same as the account name you assigned the target deployment cluster if creating a credential for an Remote Network Agent (RNA).
7. Select an RBAC role from the Select Roles list. You must assign an RBAC role in order for the credential to access CD-as-a-Service.
   • If the credential for is a Remote Network Agent, select Remote Network Agent.
   • If you plan to use the credential to deploy from a GitHub Action or similar tool, select Deployments Full Access.
8. Note the values for both Client ID and Client Secret. You need these values when configuring the RNA or any other service that you want to grant access to. Make sure to store the secret somewhere safe. You are not shown the value again.

Armory recommends that you store credentials in a secret engine that is supported by the tool you want to integrate with CD-as-a-Service.

Assign a role

1. Access the CD-as-a-Service Console.
2. Navigate to Access Management > Client Credentials.
3. Find the credential you want to update. Click the pencil icon to open the Update screen.
4. In the Update screen, place your cursor in the Select Roles field and click.
5. Select a role from the drop-down list. Repeat if you want to assign the credential more than one role. Selected roles appear below the Select Roles drop-down list.
6. Click the Update Credential button.

Revoke a role

1. Access the CD-as-a-Service Console.
2. Navigate to Access Management > Client Credentials.
3. Find the Client Credential you want to update. Click the pencil icon to open the Update screen.
4. In the Update screen, you can see a credential’s roles listed below the Select Roles field.
5. Each assigned role has an x next to it. Click the x to revoke the role.

Make sure your Client Credential has at least one role!

What’s next

• Troubleshoot Role-Based Access Control