Dynamic Provisioning Profiles
senhasegura allows you to create profiles with predefined information to provision service accounts and credentials via API calls.
In this case applications that request the creation of credentials and service accounts will obey the rules that have been determined in the template, such as the given validity (TTL).
Create Dynamic Provisioning Profile
To add a profile, Access the profiles report via the path: Cloud IAM ➔ Cloud IAM ➔ Dynamic Provisioning ➔ Profiles.
In the actions on the page, click on the Add profile option;
On the displayed page, select which account you want to create the profile;
In the form, fill in the Identifier field, which must be unique. The system will not accept an identifier with an existing name;
Check the box of providers you want to create the profile. It is possible to select more than one provider;
For the AWS provider, fill in the following fields:
Select up to 10 policies. AWS itself defines this limit;
Set the default TTL (time to live) to delete service accounts automatically;
For Google Cloud provider, fill in the following fields:
Select in which project the service account should be created;
Select which roles this service account should be assigned at the Organization level;
Select which roles this service account should receive at the Project level;
Set the default TTL (time to live) to delete service accounts automatically;
Finally, click on Confirm to finish;
Enable Dynamic Provisioning Profile
Go to DevOps Secret Manager ➔ Applications ➔ Applications
In the report look for the application you want to enable provisioning for and click the corresponding action button and choose the Change option.
On the Automatic provisioning tab, enable automatic provisioning of secrets
In the Cloud dynamic provisioning profile field select the profile that should be used. You can select more than 1 profile.
To finish click on Save.