Credentials
Hashicorp Vault
UI Login
You can log in to the Vault by pressing the “Sign in with OIDC Provider” button with Method set to “oidc”. Press “ScottyLabs” listed under “Secrets Engines” and navigate to the file you have permission to access in your team’s folder to view the secrets. If you see the following error, it means that you are not in any ScottyLabs Vault group, so you are not able to log in to the Vault.
Well, we don’t want any CMU student to use our Vault, right?
CLI
Replace tedious copy pasting with a single CLI command!
Run the following command at the root of your project to add the secrets sync scripts repo as a git submodule:
git submodule add git@github.com:ScottyLabs/secrets-sync-scripts.git scripts/secrets
If you cloned an existing repo with the git submodule already added, run the following command to pull the submodule:
git submodule update --init --recursive --remote
Secret Metadata
Use it to document where each secret comes from, with one URL for each needed secret.
Note
We are currently migrating to OpenBao for our secrets management. See OpenBao Secrets for the current setup.
OpenBao
See OpenBao Secrets for developer and infrastructure documentation.
VaultWarden
Use VaultWarden for storing login credentials that need to be accessed by leadership.
Permission
Owner: ops+vault@scottylabs.org
Admin: Exec + Head of DevOps
User: Leadership
Bitwarden
Use Bitwarden for storing login credentials that will only be accessed by the Tech Leadership Maintainers.
The passwords to Bitwarden are meant to be stored locally in these individuals’ own password managers and may not be updated without updating all relevant people.