Configuring the Delinea Platform
To configure the Delinea Platform for the integration with Kubernetes ESO, you must complete the following steps in the specified order:
- Step 1: Create a service user in the Delinea Platform for this integration: The Kubernetes ESO integration uses the credentials of the service user to authenticate with the Delinea Platform API.
- Step 2: Create a secret in Secret Server on the Delinea Platform: Prepare the secret that you want the Kubernetes ESO integration to retrieve from the Delinea Platform. You must share the secret with the service user that you use for the integration.
The following sections describe how to perform these tasks.
Step 1: Creating a Service User in the Delinea Platform
The integration requires a service user to connect to the Delinea Platform. You specify the username and password of the service user as part of the SecretStore configuration that the integration uses to access the Delinea Platform API. If you don't have a service user, you can create one. For more information about creating a service user, see Service Users in the Delinea Platform documentation.
The service user must have a role with the View Launcher Password on Secrets and View Secret permissions in the Delinea Platform. The following procedure describes how to create a role with these permissions and how to assign the role to the service user.
To create a role with the required permissions and assign it to the service user:
- In the Delinea Platform, navigate to Access > Roles.
- Select Add Role.
- In the New Role dialog, select Add New Custom Role, provide a name and an optional description for the new role, and select Save.
- Go to the Permissions tab for the role.
- Select Add Permissions and in the Add Permissions window, select View Launcher Password on Secrets and View Secret and select Assign.
  You can search for the permissions by using the search box at the top.
  The Permissions tab shows the permissions added to the role.
- Assign the role to the service user:
  - Navigate to Access > Users.
  - On the Users page, search for and select the service user.
  - On the user page, go to the Roles tab and select Assign Roles.
  - In the Assign Roles window, search for and select the role that you created and select Assign.
Step 2: Creating a Secret in the Delinea Platform
You must create the secret in Secret Server on the Delinea Platform that you want the Kubernetes ESO integration to retrieve and inject into a Kubernetes Secret. You must also share the secret with the service user that you use for the integration, so that the integration can access the secret with the service user's credentials.
To create a secret and share it with the service user:
- In the Delinea Platform, select Secret Server > All secrets.
- Select Create secret.
- In the Create new secret dialog, do the following:
  - (Optional) Change the default folder.
    Make sure that the service user has the View permission for the folder.
  - Under Choose a secret template, select the template from which to create a secret.
    You can use any template that fits your needs.
  - Enter a name for the secret and the username and the password to store in the secret.
  - Provide values for the other secret fields according to the template.
- Share the secret with the service user:
  - Go to the Sharing tab of the secret's page.
  - Select Edit in the upper-right corner.
  - Clear Inherit permissions.
  - To find the service user, use the search box at the top.
  - Select the check box to the left of the service user name and then select View in the dropdown list under Secret Permissions.
  - Select Save.