Skip to content

Credentials

Hashicorp Vault

UI Login

You can login to the vault by pressing the “Sign in with OIDC Provider” button with Method “oidc”. Press “ScottyLabs” listed under “Secrets Engines” and navigate to the file you have permissions to access in your team’s folder to view the secrets. If you see the following error, it means that you are not in any ScottyLabs Vault group, so you are not able to log into the vault.

Well we don’t want any CMU student to use our Vault, right?

Vault access denied error

CLI

Replace tedious copy pasting with a single CLI command!

Run the following command at the root of your project to add the secrets sync scripts repo as a git submodule:

Terminal window
git submodule add git@github.com:ScottyLabs/secrets-sync-scripts.git scripts/secrets

If you cloned an existing repo with the git submodule already added, run the following command pull the submodule:

git submodule update --init --recursive --remote

Secret Metadata

Use it to document where the secret come from. One url for each needed secret.

Note

We are currently migrating to OpenBao for our secrets management. See OpenBao Secrets for the current setup.

OpenBao

See OpenBao Secrets for developer and infrastructure documentation.

VaultWarden

Use VaultWarden for storing login credentials that need to be accessed by leadership.

Permission

Owner: ops+vault@scottylabs.org

Admin: Exec + Head of DevOps

User: Leadership

Bitwarden

Use BitWarden for storing login credentials that will only be accessed by the Tech Leadership Maintainers.

The passwords to Bitwarden is meant to be stored locally in these individuals’ own password manager and may not be updated without updating all relevant people.