Skip to content

Credentials

Credentials are used to unlock protected resources such as applications, containers, and other assets.

The Credentials manager in the Run:ai environment supports 3 types of credentials:

  1. Docker registry
  2. Access key
  3. User name and password

Secrets

Credentials are built using Secrets. A Secret is an object that contains a small amount of sensitive data so that you don't need to include confidential data in your application code. When creating a credential you can either create a new secret or use an existing secret.

Existing secrets

An existing secret is a secret that you have created before creating the credential. One way to create a secret is to use the Kubernetes Secrets creation tool to create a pre-existing secret for the credential. You must label these secrets so that they are registered in the Run:ai environment.

The following command makes the secret available to all projects in the cluster.

kubectl label secret -n runai <SECRET_NAME> run.ai/cluster-wide-credentials=true

The following command makes the secret available to the entire scope of a department.

kubectl label secret -n runai <SECRET_NAME> run.ai/resource=<credential_type> run.ai/department=<department-id>

credential_type is one of the following: password / access-key / docker-registry

The following command makes the secret available to a specific project in the cluster.

kubectl label secret -n <NAMESPACE_OF_PROJECT> <SECRET_NAME> run.ai/credentials=true

User-id and password

You can create a credential using a user-id and password. Use the user-id and password of the target resource.

Configuring Credentials

Important

To configure Credentials you need to make sure Workspaces are enabled.

To configure Credentials:

  1. Press Credentials in the left menu.
  2. Press New Credential and select one from the list.

Docker registry

  1. Select a Scope for the credential.
  2. In the Credential name field, enter a name for the credential.
  3. In the Secret field, choose from Existing secret or New secret.

    • If you select Existing secret, select an unused secret from the drop down.

      Note

      Existing secrets can't be used more than once.

    • If you choose New secret, enter a username and password.

  4. Enter a URL for the docker registry, then press Create credential to create the credential.

Access key

  1. Select a Scope for the credential.
  2. In the Credential name field, enter a name for the credential.
  3. In the Secret field, choose from Existing secret or New secret.

    • If you select Existing secret, select an unused secret from the drop down.

      Note

      Existing secrets can't be used more than once.

    • If you choose New secret, enter an access key and access secret.

  4. Press Create credential to create the credential.

Username and password

  1. Select a Scope for the credential.
  2. In the Credential name field, enter a name for the credential.
  3. In the Secret field, choose from Existing secret or New secret.

    • If you select Existing secret, select an unused secret from the drop down.

      Note

      Existing secrets can't be used more than once.

    • If you choose New secret, enter a username and password.

  4. Press Create credential to create the credential.

Download Credentials Table

You can download the Credentials table to a CSV file. Downloading a CSV can provide a snapshot history of your credentials over the course of time, and help with compliance tracking. All the columns that are selected (displayed) in the table will be downloaded to the file.

To download the Credentials table to a CSV: 1. Open Credentials. 2. From the Columns icon, select the columns you would like to have displayed in the table. 3. Click on the ellipsis labeled More, and download the CSV.