Use case: Attach credentials in deployment automation

2 minute readSecurity
On this page

When modeling an application or microservice, you can attach credentials these ways:

  • For credentials, attach one or more credentials to component, application, or microservice process steps.

  • For credentials for impersonation, attach only one impersonation credential to these objects:

    • Component process

    • Component process step

    • application or microservice process

    • Application or microservice process step

When you deploy the application or microservice, CloudBees CD/RO applies the credentials based on the user permissions and deploys the application or microservice in one or more environments.

Example

This example describes how to define roles and privileges when an application or microservice is deployed to more than one environment and specific users are limited to specific environments.

You can attach impersonation credentials to an application or microservice in the GUI. The application or microservice has these credentials:

  • Development (dev)

  • Quality Engineering (qe)

  • Production (prod)

Users have these privileges:

  • User A is allowed to deploy the application or microservice to build a MyQSQL database in any environment and has admin privileges.

  • User B is allowed to only deploy the application or microservice in the quality (qa) environments and is not trusted in the development (dev) and production(prod) environments.

The following user permissions determine what users are allowed to do in CloudBees CD/RO.You can configure these credentials only from the GUI.

  • You configure User A’s profile in the automation platform and give User A higher-order privileges than other users. User A has the following credentials, including a credential for impersonation:

    For each environment in CloudBees CD/RO, set a property using a reference such as $[myEnvironment/dbConfigName] and define a unique value, which can be passed as a credential to a process or process step. In the development (dev) environment, set dbConfigName = dbUser_dev. In the quality engineering (qe) environment, set dbConfigName = dbUser_qa. ** In the production (prod) environment, set dbConfigName = dbUser_prod.

  • When you configure User B’s profile in the automation platform, User B is only given the credentials to deploy in the quality (qa) environment. You do not need to set properties to be passed as credentials when the application or microservice is deployed.

Attaching the same credentials from the automation platform is more complicated. Instead of setting only one credential for User A and one for User B, you need to create three unique credentials for the environments in addition to credentials for the various user and environment combinations, such as User A and the development environment.