Using Vault for Managing Secrets
OCI Vault is a key management service that stores and manages master encryption keys and secrets for secure access to resources. Provisioning a Siebel CRM environment using SCM requires sensitive information in several places. Instead of supplying these values directly when you create the environment, you can add them as secrets in OCI Vault and pass their identifiers (OCIDs) in the payload. SCM uses the OCIDs to fetch the actual values as and when they are required.
For more information about OCI Vault services, refer to Overview of Vault.
For usage with SCM, Vault can be provisioned in two ways:
- Bring your own OCI Vault: You can provide your existing Vault's OCID during SCM stack creation.
- Have SCM provision a new Vault: You do not provide any Vault information. SCM provisions a new Vault during stack creation. An option to create either a Default or a Virtual Private Vault is available.
If you are bringing your own Vault, make sure SCM has the access it needs to fetch the secrets. For more information about the required policies, refer to Common Policies.
Once SCM stack creation is complete, the Vault is available for use. Complete the following steps before provisioning a new Siebel CRM environment.
1. Create a Master Encryption Key (MEK) in the Vault.
2. Create secrets using the MEKs for the necessary fields in the payload section.
3. Copy the OCIDs of the secrets created in step 2 and provide them as input in the payload section.
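A pre-submission check for the last step, added here as an example and not part of SCM or Oracle's documentation: it walks a payload and reports sensitive fields that hold a literal value or the OCID of the wrong resource type (for example the MEK's OCID) instead of a secret OCID. The payload field names, the name pattern used to spot sensitive fields, and the OCIDs are constructed placeholders; the check assumes secret OCIDs use the `vaultsecret` resource type.

```python
import json
import re

# OCID layout: ocid1.<resource type>.<realm>.[region][.future use].<unique id>
OCID_RE = re.compile(
    r"^ocid1\.([a-z0-9]+)\.([a-z0-9-]+)\.([a-z0-9-]*)\.(?:[a-z0-9-]*\.)?([a-z0-9]+)$"
)
# Assumption: key-name fragments that mark a payload field as sensitive.
SENSITIVE = re.compile(r"(password|secret|token|passphrase)", re.I)


def check_payload(node, path=""):
    """Return (json_path, problem) pairs for sensitive fields that are not
    references to an OCI Vault secret. Values are never echoed back."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, (dict, list)):
                findings += check_payload(value, here)
            elif SENSITIVE.search(key):
                m = OCID_RE.match(value) if isinstance(value, str) else None
                if m is None:
                    findings.append((here, "literal value, not an OCID"))
                elif m.group(1) != "vaultsecret":
                    findings.append((here, f"OCID of type '{m.group(1)}', not a secret"))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += check_payload(item, f"{path}[{i}]")
    return findings


# Constructed sample payload; field names and OCIDs are placeholders.
SAMPLE = json.loads("""
{
  "name": "dev-env",
  "database": {
    "admin_password": "ocid1.vaultsecret.oc1.iad.exampleuniqueid1",
    "wallet_password": "Welcome1"
  },
  "registry": {"auth_token": "ocid1.key.oc1.iad.examplevault.exampleuniqueid2"}
}
""")

if __name__ == "__main__":
    for where, problem in check_payload(SAMPLE):
        print(f"{where}: {problem}")
```
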