Cloud Credentials
Shipa allows users to store their cloud credentials in its central repository and leverage them when creating nodes through the node add command.
Shipa supports the store of credentials for the following cloud providers:
- Amazon Web Services
- Google Cloud
- Microsoft Azure
When storing credentials, Shipa uses an encrypted format and against the user who is adding them, which means that only this specific user can access it when adding nodes or managing credentials.
For credential management, the following commands are available:
- credential add
- credential list
- credential remove
- credential show
Adding Credentials
To add cloud credentials, use the credential add command.
The command credential add should be used when adding cloud credentials.
When added, credentials are stored and encrypted against the user that is adding them.
The command below should be used when adding credentials:
shipa credential add [credential_name] --provider [google|aws|azure] --path /path/to/credential-file
The following flags can be used:
| Flag | Description |
|---|---|
| -h, --help | Display help and exit |
| --name | cloud credential name |
| --path | path to credential file |
| --provider | cloud provider [aws, google, azure] (required) |
Cloud credential files
When adding credentials, users should provide a path to a cloud-specific credential file.
Following the directions below can help users retrieve their files from each specific cloud provider:
AWS:
- Expects an AWS credentials file.
- See: Configuration and Credential Files
Google:
- Expects a Google Cloud service account JSON credentials file
- See: Creating and managing service account keys
Azure:
Expects a JSON file containing, azure-client-id, azure-client-secret & azure-subscription-id. Shipa uses Azure Service Principal authentication when adding Azure nodes where users need to register an App on azure to get the required values.Example file format:
{ "azure-subscription-id": "<your subscription id>", "azure-client-id": "<your client id>", "azure-client-secret": <your client secret> }
Listing All User Credentials
Use the credential list command to list all added credentials.
shipa credential list
The command will generate a list and information of all the cloud credentials added by the specific user running the command, displaying only his own cloud credentials.
Listing Specific Credential
To list the information of a specific cloud credential, use the credential show command.
shipa credential show [credential_name]
The following flags are available:
| Flag | Description |
|---|---|
| credential_name | Name of the credential utilized when adding the specific configuration |
As explained in the section above, listing credentials will only display the credentials that belong to the user executing the command.
Deleting Cloud Credentials
To delete specific cloud credentials, use the credential remove command.
shipa credential remove [credential_name]
Flags available:
| Flag | Description |
|---|---|
| credential_name | Name of the credential wished to be removed |
Updated almost 2 years ago