This document provides instructions on how to create a secret policy in VoltConsole. The secret policy is used to encrypt your application secrets using Volterra Blindfold and to decrypt them from your vk8s application. To know more about Blindfold and secrets management, see Volterra Blindfold.
Using the instructions provided in this guide, you can create a secret policy with policy rules to define permissions for your application to decrypt the secret.
The following prerequisites apply:
- A Volterra account.
  Note: If you do not have an account, see Create a Volterra Account.
- An application running on vk8s.
  Note: If you do not have an application running on vk8s, see Deploy Application.
- The vesctl tool. Download vesctl to your local machine, as it is used to apply Blindfold to the TLS certificate.
Creating a secret policy for your cloud application involves the following sequence of actions:
| Phase | Description |
|---|---|
| Create a Secret Policy Rule | Create a policy rule to permit your application to decrypt the secret. |
| Create a Secret Policy | Create a policy to permit your application to decrypt the secret. |
Create a Secret Policy Rule
The secret policy rule allows Wingman, running as a sidecar in your application, to access the secret.
Step 1: Select the namespace where you want to create your Secret Policy. Select Security from the configuration menu and Secret Management from the options pane. Select Policy Rules and click Add secret policy rule. The policy rule creation form loads.
Step 2: Enter the policy rule configuration parameters as per the following guidelines:
- Name: Name of the service policy rule
- Action: Supported actions are ‘allow’ and ‘deny’
- Client Name: Name of the client accessing the server
- Client Label Selector: Label selector expression for the client. Any label applied to the application can be used to write the expression.
- Client Name Matcher: This field has the following subfields:
  - Exact Values: Exact DNS names of the clients to match.
  - Regex Values: Regex patterns for DNS names to match.
Create a Secret Policy
The secret policy allows Wingman, running as a sidecar in your application, to access the secret.
Step 1: Select the same namespace where you created your Secret Policy Rule. Select Security from the configuration menu and Secret Management from the options pane. Select Policies and click Add secret policy. The policy creation form loads.
Step 2: Enter the policy configuration parameters as per the following guidelines:
- Name: Name of the Service Policy
- Rule Combining Algorithm: The algorithm is one of the following types:
  - First Rule Match: Evaluates each rule in the order of configuration
  - Deny Rule Overrides: Evaluates all "allow" rules only.
  - Allow Rule Overrides: Evaluates all "deny" rules before evaluating any "allow" rules.
- Rules: Select service policy rule created above
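
The following is an added example, not Volterra's code or its evaluation engine: a local Python model of the Client Name Matcher subfields and the First Rule Match algorithm described above, used to check draft Exact Values and Regex Values against client DNS names before entering them in VoltConsole. The class and function names, the sample DNS names, and the deny result when no rule matches are assumptions; because this page does not say whether regex values are anchored, the audit tests both full-match and substring semantics.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Rule:                      # hypothetical local model of a policy rule
    name: str
    action: str                  # 'allow' or 'deny'
    exact_values: list = field(default_factory=list)
    regex_values: list = field(default_factory=list)

    def matches(self, client: str, anchored: bool) -> bool:
        if client in self.exact_values:
            return True
        test = re.fullmatch if anchored else re.search
        return any(test(p, client) for p in self.regex_values)

def first_rule_match(rules, client, anchored):
    """Return the action of the first rule, in configured order, that matches."""
    for rule in rules:
        if rule.matches(client, anchored):
            return rule.action
    return "deny"                # assumption: no matching rule means no access

def audit(rules, must_allow, must_deny):
    """List every expectation the draft rules violate under either regex semantics."""
    findings = []
    for anchored in (True, False):
        mode = "fullmatch" if anchored else "search"
        for client in must_allow:
            if first_rule_match(rules, client, anchored) != "allow":
                findings.append((mode, client, "expected allow"))
        for client in must_deny:
            if first_rule_match(rules, client, anchored) == "allow":
                findings.append((mode, client, "expected deny"))
    return findings

# Constructed sample client DNS names (not taken from any real deployment).
MUST_ALLOW = ["checkout.shop.example.internal"]
MUST_DENY = ["checkout.shop.example.internal.other.test",
             "checkout-shop.example.internal",
             "billing.shop.example.internal"]

# Same intent written three ways: unescaped/unanchored regex, anchored regex, exact value.
LOOSE = [Rule("allow-checkout", "allow", regex_values=[r"checkout.shop.example.internal"])]
TIGHT = [Rule("allow-checkout", "allow", regex_values=[r"^checkout\.shop\.example\.internal$"])]
EXACT = [Rule("allow-checkout", "allow", exact_values=["checkout.shop.example.internal"])]

if __name__ == "__main__":
    for label, rules in (("loose", LOOSE), ("tight", TIGHT), ("exact", EXACT)):
        print(label, audit(rules, MUST_ALLOW, MUST_DENY))
```

An empty findings list means the draft values grant decryption only to the intended client under both regex interpretations; where a single known DNS name is enough, Exact Values avoids the question entirely.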