Welcome
Managing Security
HCL DevOps Deploy (Deploy) uses a flexible team-based and role-based security model that maps to your organizational structure.
Secret stores
You can store user credentials in Hashicorp Vault and integrate with HCL DevOps Deploy (Deploy) to retrieve values from the Vault.
Adding Vault AppRoles to the Deploy secret store
You can add Vault AppRoles users to the HCL DevOps Deploy (Deploy) secret store to authenticate users with Vault-defined AppRole.

Release Notes
This section includes what's new, defect fixes, and deprecations and removals in all releases.
System Requirements
This document includes information about the hardware, containers, prerequisite software, supported operating system, and database requirements with component level detail for the HCL DevOps Deploy (Deploy).
Getting Started
Quickly become productive with HCL DevOps Deploy (Deploy).
Installing
An HCL DevOps Deploy (Deploy) installation consists of a Deploy server, a database server, and at least one agent.
Upgrading and Migrating
Stay updated with latest features and functionalities by upgrading HCL DevOps Deploy (Deploy) server, agents, and relays. This section also provides instruction on how to migrate your Deploy instance.
Integrating
HCL DevOps Deploy (Deploy) supports integrations with other IBM® and HCL products, products from others, and certain cloud systems.
Administering
Learn how to administer settings in HCL DevOps Deploy (Deploy) elements and communication between the elements.
Managing Security
HCL DevOps Deploy (Deploy) uses a flexible team-based and role-based security model that maps to your organizational structure.
- Guidelines for setting up server security
  Although there is no single best way to set up security for the server, the following steps are sufficient in most cases.
- SSL configuration
  With Secure Sockets Layer (SSL) technology, clients and servers can communicate securely by encrypting all communications. Data is encrypted before it is sent and decrypted by the recipient. This communication cannot be deciphered or modified by third-parties. In addition to encryption, SSL can also support authentication.
- Encryption key tools
  Using the encryption key tools, you can manage your encryption keys.
- Authorization realms
  Use the Authorization Realms pane to create authorization realms and user groups for the server. Groups can be imported from external systems, such as LDAP.
- Authentication realms
  Authentication realms manage users and determine user identity within authorization realms for the server.
- Roles and permissions
  A role is a list of permissions that users have on the HCL DevOps Deploy (Deploy) server. These permissions include the ability to create, edit, and delete objects, such as applications, environments, and components. The permission also includes the parts of the server interface that users can access.
- Secret stores
  You can store user credentials in Hashicorp Vault and integrate with HCL DevOps Deploy (Deploy) to retrieve values from the Vault.
  - Adding Vault AppRoles to the Deploy secret store
    You can add Vault AppRoles users to the HCL DevOps Deploy (Deploy) secret store to authenticate users with Vault-defined AppRole.
  - Adding Vault LDAP users to the Deploy secret store
    You can add Vault LDAP users to the HCL DevOps Deploy (Deploy) secret store to authenticate users with Vault-defined LDAP.
  - Adding Vault certificate to the Deploy secret store
    You can add the Vault certificates to the HCL DevOps Deploy (Deploy) secret store to authenticate with Vault-defined SSL/TLS client certificate.
  - Vault integration test
    You can test the Vault integration to ensure that HCL DevOps Deploy (Deploy) can retrieve values from the Vault server.
  - Secret store property usage
    At times, you may need to retrieve values from Vault and add them to a plug-in step. For example, start tomcat plug-in step from the Apache Tomcat plug-in. After you create a HCL DevOps Deploy (Deploy) secret store and add users to it, you can add an input property for Vault at any of the levels where secure passwords are allowed. For example, at application level or at resource level. You can use the Vault property in an automation or source configuration plug-in step.
- Security teams
  Users and groups on the server are assigned roles when they are added to teams.
- Security types
  Security types define categories of objects on the server. You can put all objects into a single category, or you can put them in separate categories and give roles different access rights to different categories.
- Tokens
  Tokens provide authorization for agents, agent relays, users, and external systems or applications from the server. Agents use tokens when they run process steps and communicate with the HCL DevOps Deploy (Deploy) server and external services.
- FIPS mode enablement
  You can enable Federal Information Processing Standards (FIPS) mode on the systems that run the HCL DevOps Deploy (Deploy) server, agent, and relays to make them FIPS compliant.
Modeling Software Deployment
Modeling software deployment in HCL DevOps Deploy (Deploy) includes configuring components and component processes and adding those components to applications. Then, you use processes to deploy the components to environments.
Deploying
Learn how to deploy applications in HCL DevOps Deploy (Deploy).
Reporting
Provides several different deployment and security reports.
Extending Product Function
Learn how to extend the function of HCL DevOps Deploy (Deploy).
Troubleshooting and Support
Learn how to troubleshoot some common issues with HCL DevOps Deploy (Deploy).
Security Considerations
You can act to ensure that your installation is secure and set up user access controls.

Adding Vault AppRoles to the Deploy secret store

You can add Vault AppRoles users to the HCL DevOps Deploy (Deploy) secret store to authenticate users with Vault-defined AppRole.

Before you begin

Ensure that you have installed the Vault server and obtained the server address.
You must have the following permissions:
- Create, view, and edit secret store permissions to create a secret store.
- Create, view, and edit Vault AppRole permissions to manage AppRoles of a secret store.

Procedure

Click Create Vault Secret Store.

Create a secret store in the Manage Vault Secret Store window and provide the following details:


Parameter	Description
Name	Identifies the Vault secret store name. Note: Characters other than `a-z`, `A-Z`, `0-9`, and `-` are not allowed.
Description	Conveys more information about the Vault.
Teams	Allows access to the Vault secret store to specific teams.
URL	Indicates the Vault server address.

Save your changes.
The secret store lists on the Secret Stores page.

Add AppRoles users to the secret store.

Click the secret store to which you want to add the AppRole.
Click App Roles.
Click Create Vault AppRole.
The Manage Vault AppRole window is displayed.

In the Manage Vault AppRole window, enter the following AppRole details:


Parameter	Description
Name	Identifies the Vault AppRole name. Note: Characters other than `a-z`, `A-Z`, `0-9`, and `-` are not allowed.
AppRole Id	Specifies the RoleID of the Vault AppRole.
Secret Id	Specifies the SecretID of the Vault AppRole.
Teams	Allows access of the AppRole to specific teams.

Save your changes.
The AppRole is added to the Vault AppRoles page.

Results

You have added AppRole users to the Deploy secret store.

What to do next

You can test the integration. See Testing Vault AppRole integration.