oldsecrets

Objective

This document provides instructions on how to create a secret policy in VoltConsole. The secret policy is used to encrypt your application secrets with Volterra Blindfold and to decrypt them from your vk8s application. To learn more about Blindfold and secrets management, see Volterra Blindfold.

Using the instructions provided in this guide, you can create a secret policy with policy rules to define permissions for your application to decrypt the secret.


Prerequisites

The following prerequisites apply:


Configuration

Workflow

Creating a secret policy for your cloud application involves the following sequence of actions:

Phase                       | Description
Create a Secret Policy Rule | Create a policy rule to permit your application to decrypt the secret.
Create a Secret Policy      | Create a policy to permit your application to decrypt the secret.

Create a Secret Policy Rule

The secret policy rule allows Wingman, running as a sidecar in your application, to access the secret.

Step 1: Select the namespace where you want to create your Secret Policy. Select Security from the configuration menu and Secret Management from the options pane. Select Policy Rules and click Add secret policy rule. The policy rule creation form loads.

Step 2: Enter the policy rule configuration parameters as per the following guidelines:

  • Name: Name of the secret policy rule
  • Action: Supported actions are ‘allow’ and ‘deny’
  • Client Name: Name of the client accessing the server
  • Client Label Selector: Label selector expression for the client. Any label applied to the application can be used to write the expression.
  • Client Name Matcher: This field has the following subfields:

    • Exact Values: exact DNS names of the clients to match.
    • Regex Values: regex patterns for DNS names to match.

Figure: Create Secret Policy Rule


Create a Secret Policy

The secret policy allows Wingman, running as a sidecar in your application, to access the secret.

Step 1: Select the same namespace where you created your Secret Policy Rule. Select Security from the configuration menu and Secret Management from the options pane. Select Policies and click Add secret policy. The policy creation form loads.

Step 2: Enter the policy configuration parameters as per the following guidelines:

  • Name: Name of the secret policy
  • Rule Combining Algorithm: The algorithm is of the following types:

    • First Rule Match: Evaluates each rule in the order of configuration
    • Deny Rule Overrides: Evaluates all "allow" rules only.
    • Allow Rule Overrides: Evaluates all "deny" rules before evaluating any "allow" rules.
  • Rules: Select the secret policy rule created above

Figure: Create Secret Policy
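
Before saving a policy, it helps to check offline how the Client Name Matcher values and the rule order interact under First Rule Match. The following Python model is an added example, not VoltConsole or Wingman code. The client names and rule names are constructed, and it assumes that a regex must match the whole client name and that a client matching no rule is denied.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    action: str                                        # 'allow' or 'deny'
    exact_values: list = field(default_factory=list)   # Exact Values subfield
    regex_values: list = field(default_factory=list)   # Regex Values subfield

    def matches(self, client_name):
        if client_name in self.exact_values:
            return True
        # Assumption: a pattern has to match the entire DNS name.
        return any(re.fullmatch(p, client_name) for p in self.regex_values)

def first_rule_match(rules, client_name, default="deny"):
    """Return (action, rule name) for the first matching rule, in configured order."""
    for rule in rules:
        if rule.matches(client_name):
            return rule.action, rule.name
    return default, None      # assumption: no matching rule means deny

def audit(rules, client_names):
    """Map every client name to the decision the ordered rule list gives it."""
    return {name: first_rule_match(rules, name) for name in client_names}

# Constructed rules. LOOSE leaves its dots unescaped, so each '.' matches any character.
LOOSE = Rule("allow-payments-loose", "allow",
             regex_values=[r"payments.*.example.internal"])
STRICT = Rule("allow-payments", "allow",
              regex_values=[r"payments-[a-z0-9]+\.prod\.example\.internal"])
DENY_DEBUG = Rule("deny-debug", "deny",
                  exact_values=["payments-debug.prod.example.internal"])

# Constructed client names: the intended client, one to exclude, and a lookalike.
CLIENTS = ["payments-api.prod.example.internal",
           "payments-debug.prod.example.internal",
           "payments.dev-example.internal"]

if __name__ == "__main__":
    cases = [("loose regex", [LOOSE]),
             ("allow before deny", [STRICT, DENY_DEBUG]),
             ("deny before allow", [DENY_DEBUG, STRICT])]
    for label, rules in cases:
        print(label)
        for client, decision in audit(rules, CLIENTS).items():
            print("  ", client, "->", decision)
```

In this model the loose pattern admits the lookalike name, and a deny rule listed after a broader allow rule is never reached, so the specific deny must come first under First Rule Match.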


Concepts


API References