Create Client Credentials

Create machine-to-machine credentials and assign RBAC roles to them in Armory CD-as-a-Service.


A Client Credential is a machine-to-machine credential that the CLI uses to authenticate with CD-as-a-Service when you trigger deployments as part of an external automated workflow. You pass the credential through the clientID and clientSecret parameters.

Additionally, a Remote Network Agent uses a Client Credential for authentication when communicating with CD-as-a-Service.

Before you begin

Create a Client Credential

  1. Access the CD-as-a-Service Console.
  2. Go to the Configuration tab.
  3. If you have more than one tenant, make sure you select the desired tenant in the User context menu.
  4. In the left navigation menu, select Access Management > Client Credentials.
  5. In the upper right corner, select New Credential.
  6. Create a credential for your RNA. Use a descriptive name for the credential that matches what it is being used for. For example, name the credentials the same as the account name you assigned the target deployment cluster if creating a credential for an Remote Network Agent (RNA).
  7. Select an RBAC role from the Select Roles list. You must assign an RBAC role in order for the credential to access CD-as-a-Service.
    • If the credential for is a Remote Network Agent, select Remote Network Agent.
    • If you plan to use the credential to deploy from a GitHub Action or similar tool, select Deployments Full Access.
  8. Note the values for both Client ID and Client Secret. You need these values when configuring the RNA or any other service that you want to grant access to. Make sure to store the secret somewhere safe. You are not shown the value again.

Armory recommends that you store credentials in a secret engine that is supported by the tool you want to integrate with CD-as-a-Service.

What’s next

Last modified May 11, 2023: (d49b85bd)