Apply for invite to IaCP

How to add credentials for other providers

If users want to use a provider that is not currently supported by Scalr Cloud Credentials then this page is for you.

If the provider supports the use of environment variables for authentication you can set these variables up in the workspace(s) yourself. You have a few options for this.

  1. Set the variables up via the UI

  2. Use the IaCP REST API to add variables (great for automated set up)

  3. Use the Scalr Terraform provider (coming soon).

We are going to use Alibaba Cloud provider as an example. The ALI Cloud provider can use 3 environment variables for authentication.

$ export ALICLOUD_ACCESS_KEY="anaccesskey"
$ export ALICLOUD_SECRET_KEY="asecretkey"
$ export ALICLOUD_REGION="cn-beijing"

We will use ALICLOUD_ACCESS_KEY in the examples.

Credentials Variables in the UI

There are two steps to setting up each environment variable.

  1. Store the credential value securely, invisibly and encrypted in Scalr using a Scalr Global Variable

  • Typically this will be done at the account/green scope so it is done once for all environments and is controlled by the account admin.

  • Go to Account Scope and then Global Variables, New variable

  • Give the variable a name

  • Mask it from view at lower scopes

  • Set the value

  • Add and Save

    ../_images/cc_ali_1.png
  1. Create the Environment variable in any workspace that needs the provider credentials

  • At Environment scope goto workspaces and click on the workspace.

  • Click on the Variables tab

  • New variable -> New Environment Variable

  • Set the variable name to ALICLOUD_ACCESS_KEY

  • Set the variable value to the name of the GV from step 1 in {}, e.g. {alicloud_access_key_1}

  • Mark as “Sensitive”

  • Click save

  • Set up the other variables in the same way and you are all set

    ../_images/cc_ali_2.png ../_images/cc_ali_3.png

Credentials variables via the API

Environment variables for credentials can easily be created or updated via the API.

Note

The Account scope GV containing the credentials values must be created in the UI first as show above

To start, an API token must be generated by clicking on your user on the top right of the screen and click on “TF API Access”:

../_images/api_access.png
  1. Get your workspace ID from the workspace dashboard

    ../_images/workspace_id.png
  2. Create a file (e.g. /var/tmp/new_var.json) containing the following JSON

 {
    "data": {
        "attributes": {
            "category": "env",
            "description": "{description}",
            "hcl": false,
            "key": "ALICLOUD_ACCESS_KEY",
            "sensitive": true,
            "value": "{alicloud_access_key_1}"
        },
        "id": "string",
        "links": {
            "self": "string"
        },
        "relationships": {
            "workspace": {
                "data": {
                    "id": "{workspace_id}",
                    "type": "workspaces"
             }
         }
     },
        "type": "vars"
    },
    "meta": {}
}

Substitute the values for “description”, “key”, “value” and “workspace.data.id” as required.

  1. Run the following curl command setting the {host}, {token} and {file_name} as required

curl -s -X POST https://{host}/api/iacp/v3/vars /
           -H 'Authorization: Bearer {token}' /
           -H 'Content-Type: application/vnd.api+json' /
           --data @{file_name}}