Manage secrets using the simple lookup value provider
This topic describes how to establish a simple lookup provider for secrets and password fields used with certain CIs. You can use the simple lookup provider to reference and resolve a key/value pair stored in Deploy (as opposed to an external secrets management tool such as HashiCorp Vault or CyberArk Conjur).
User access control
As with any security-related feature, access to sensitive data needs to be controlled as part of the integration. Deploy provides controls to limit access, ensuring that:
- Developers are authenticated and authorized to read secrets
- Role-based access to secrets is supported
- Policies are provided to control credentials and how they can be used
Create a simple lookup value provider
You can specify certain properties for a CI that should be looked up in an internal source. This is useful for sensitive data that is not part of a deployment package such as hosts or cloud targets.
To support this, you can create a special CI type called a SimpleLookupValueProvider. Once this configuration is in place, you can select the SimpleLookupValueProvider and type a key/identifier for the value that you want to use.
To create a simple lookup provider:
- Hover over Configuration, click , and select New > lookup > SimpleLookupValueProvider.
- In the Name field, enter a name for the simple lookup provider.
- In the Entries field, type one or more secret paths to where key-value pairs are stored.
- In the Encrypted Entries field, type one or more secret paths to where encrypted key-value pairs are stored.
- Optionally, select Allow Encrypted For Non Password to allow encrypted entries for non-password properties.
- Click Save or Save and close.
Select a simple lookup value provider and key
After creating a simple lookup value provider, you can select it and choose a key when configuring properties for certain CIs. For example, if you want to store and resolve a password for a host CI:
- Hover over Infrastructure, click , and select New > overthere > SshHost.
- Complete the required fields for the CI.
- In the SU password field, click and select the SimpleLookupValueProvider you created in Create a simple lookup value provider.
- In the Lookup provider key field, type the name of the key for the corresponding value that is stored in the simple lookup value provider.
- Click Save or Save and close.