Vault Documentation - DTS-STN/sc-digital-centre GitHub Wiki

Prerequisites

Before you can use Vault, you must have an account on the DTS-STN OIDC provider, Keycloak. Follow this guide if you don't yet have one.

Signing into Vault

  1. Navigate to the DTS-STN Vault instance at: https://vault.dts-stn.com
  2. Under the "method" dropdown menu, select OIDC
  3. Leave the rest of the fields blank, and select "Sign in with OIDC provider"
  4. A new window will pop up prompting you to sign into Keycloak. Fill in your credentials and select "Sign in"

At this point, you should be redirected to the DTS-STN Secrets Engines page.

Creating a secret

  1. From the secrets engines page, select the appropriate secrets engine. If you are adding a secret for a delivery project, select "dts-secrets-dev"
  2. From the secrets page, select the project that your secret relates to. If you don't see an entry for your project, select "Create secret +" at the top right corner of the secrets list.
  3. In the secret view, add your secret using the Key Value Pair form. If you have more than one secret, press "Add" at the end of the Key Value Pair form to add a new line to the form.
  4. Once you have added your secret(s), press "Save". Your secret is now ready to be consumed from Vault.

If you don't see the secrets engine you are looking for, contact an SRE team member for further guidance. This may be a permissions issue.

For more information, visit our Confluence documentation page.

To see an example of how to retrieve the secrets, view the settings.kts page.