Move Secrets Management to Viable
At a glance: Resulting data
- Average UMUX Lite score for the JTBD - 4.2
- How many participants were successful at the task - 2/5
- How many participants failed the task - 3/5
- Total number of errors each participant encountered while attempting to complete the task/scenario - 6
Overview
When I need to use a secret/token/password I want to easily authenticate with HashiCorp Vault so I can leverage the tool I am already using for Secrets Management.
Goal
To assess the current state of Secrets Management, which will be to validate the authentication method of the JWT with an external key store, like HashiCorp Vault.
Objectives
Understand how the following changes have impacted Secrets Management maturity rating: Generate JWT for authentication and provide it to CI jobs
Participant profile
Since this move is from Minimal to Viable we will be assessing the profile of internal users, like Solution Architects and software developers, on GitLab.com
We will recruit 5-6 GitLab employees
- Edmond Chan - Confirmed
- Kurt Dusek - Confirmed
- Kelly Hair - Confirmed
- Mayank Tahilramani - Confirmed
- Catherine (Customer) - Confirmed
Resources
Category Maturity Assessment
| Participant Number | Score | Successful | Failed | Number of Errors Encountered |
|---|---|---|---|---|
| P1 | 4 | No, did not have active vault server available. | Yes, did not have active vault server available. | 1 error of 4 expected - Documentation reading - Success Identify Project for Authentication - Success Find Vault Server URL - Success Authentication with Server - Failed 75%. success, overall fail. |
| P2 | 4.5 | No, did not have active vault server available. | Yes, did not have active vault server available. | 4 errors of 4 steps expected, 2 unexpected steps (6 steps) - Documentation reading - Success Identify Project for Authentication - Success Find Vault Server URL - Failed (Unexpected) Tried to set up a cluster - Failed (Unexpected) Tried to use the managed App - Failed Authentication with Server - Failed 33%. success, overall fail. |
| P3 | 4.25 | No, time limit ran out | Yes, time limit ran out | 1 error of 4 steps Documentation reading - Success Identify Project for Authentication - Success Find Vault Server URL - Success Authentication with Server - Failed 75%. success, overall fail. |
| P4 | 4.75 | Yes, authenticate with JWT to staging | No, was able to authenticate | 0 error of 4 steps Documentation reading - Success Identify Project for Authentication - Success Find Vault Server URL - Success Authentication with Server - Success 100%. success |
| P5 | 3.5 | Yes, he did authenticate | No, was able to authenticate | 0 error of 4 steps Documentation reading - Success Identify Project for Authentication - Success Find Vault Server URL - Success Authentication with Server - Success 100% success |
Key takeaways
- Improve documentation for setting up Vault Pieces like bound-claims, policies, and roles
- Reduce friction of setting up Vault configuration
- Define vault Credentialshttps://gitlab.com/gitlab-org/gitlab/-/issues/246799 in UI
Edited by Rayana Verissimo