You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using the module with create_ibmcloud_api_key = true, the new apikey always assumes the identity of the credentials used to run the terraform. In a context of Cloud Project that may lead to unintended results, especially when using trusted profiles authorization.
The credentials / identity designated for the pipelines may need to be different from the one used to deploy the ALM components.
It would be helpful if the user can supply a combination of parameters to use one of the following options:
A service ID that the new apikey should be generated for.
A literal value of the apikey (separate form the one used for deployment or provider configuration). E.g. Cloud Projects can reference a secret in a secrets manager, which would be resolved to the secret value when validating / deploying. The prereq module seems to have a parameter for that but it's not exposed at the top level.
A new apikey for the identity used with the provider (current behavior)
The text was updated successfully, but these errors were encountered:
When using the module with
create_ibmcloud_api_key = true
, the new apikey always assumes the identity of the credentials used to run the terraform. In a context of Cloud Project that may lead to unintended results, especially when using trusted profiles authorization.terraform-ibm-devsecops-alm/prereqs/main.tf
Line 86 in 869f353
The credentials / identity designated for the pipelines may need to be different from the one used to deploy the ALM components.
It would be helpful if the user can supply a combination of parameters to use one of the following options:
The text was updated successfully, but these errors were encountered: