Create Client Credentials

Overview

Client credentials are machine-to-machine credentials that the CLI uses to authenticate with your Armory CD-as-a-Service environment when you trigger deployments as part of an external automated workflow. These credentials are passed through the clientID and clientSecret parameters.

How to create client credentials

1. Access the CD-as-a-Service Console.

2. Go to the Configuration tab.

3. If you have more than one tenant, make sure you select the desired tenant in the User drop down menu.

4. In the left navigation menu, select Access Management > Client Credentials.

5. In the upper right corner, select New Credential.

6. Create a credential for your RNA. Use a descriptive name for the credential that matches what it is being used for. For example, name the credentials the same as the account name you assigned the target deployment cluster if creating a credential for an Remote Network Agent (RNA).

7. Set the permission scope to a preconfigured scope group or manually assign permissions. If the credential is for a RNA, select Remote Network Agent from the preconfigured scope group. The group assigns the minimum set of required permissions for a RNA to work:

   • write:infra:data
   • get:infra:op
   • connect:agentHub

   Removing a preconfigured scope group does not remove the permissions that a preconfigured scope group assigns. You must remove the permissions manually.

8. Note both the Client ID and Client Secret. You need these values when configuring the RNA or any other service that you want to grant access to. Make sure to store the secret somewhere safe. You are not shown the value again.

Armory recommends that you store these credentials in a secret engine that is supported by the tool you want to integrate with Armory CD-as-a-Service.