Skip to content

HCP Vault Onboarding - What to Expect#

This document is to describe to service teams what they can expect from the secrets management team (SECM) when onboarding to HCP Vault.

Pre-Onboarding Steps#

  1. Service Team: Fill out the Service Level Readiness form for Vault. The secrets management team will schedule a meeting to discuss use cases and next steps
  2. SECM: The secrets management team will provide documentation that includes:
    1. Internal Vault Documentation
    2. HashiCorp (vendor) Documentation
    3. RACI
  3. SECM: Creates a Target Process story to track the work and determine the availability of resources and agreed upon timeline within both of the teams to complete the onboarding process.

Onboarding Steps#

  1. SECM: The secrets management team will schedule a meeting (30 minutes) to go over the following:
    1. Brief overview of Vault
    2. Discuss service team scope and use cases
    3. Demo Vault and show sample repo
    4. Discuss need for sub-namespaces
  2. Service Team/SECM: Add team to the #hcp-vault slack channel for support and community discussion within the University
  3. Service Team: Submit the Vault Namespace Google Form to get a namespace created for service team.
    1. Please specify who will have update access within Grouper to control which users can be added/removed from their created group for namespace access.
  4. Service Team: Submit the Vault Sub-namespace Google Form to create any sub-namespaces that may be required Sub-namespaces are for CESI groups that have subteams within them that require further isolation of secrets.
  5. SECM (Optional): Schedule a meeting (30 minutes) to go over:
    1. How to log into Vault and access the service team's new namespace(s)
    2. Describe Vault's features and pre-configured namespace items (secrets engines, policies, etc.)
    3. Begin discussing potential use cases and timeline of work with the service team
    4. Answer any other questions by the service team
  6. SECM: Schedule 1-2+ (1 hour) meetings to guide the service team through 1-2 use cases. During these sessions the SECM will go over:
    1. Accessing Vault
      1. CLI access
      2. GUI access
    2. Grouper Structure for Namespace Management
    3. Vault Policies
    4. 1 or 2 use cases as needed by the service team
    5. Other best practices
  7. Service Team: Feel free to reach out to the secrets management team at secrets-team@umn.edu to schedule any follow up sessions.