Enable secrets manager on a project (Frontend)

Add a toggle for enabling the secrets manager in Settings > General > Visibility. When it is enabled for the first time, provisioning the secrets manager takes time, so the frontend should poll for the status and wait for PROVISIONING to change to ACTIVE.

There is no API yet for disabling the secrets manager, so it is out of scope for this issue.

GraphQL

Mutation for enabling the Secrets Manager

mutation {
  projectSecretsManagerInitialize(input: {projectPath: "path/to/project"}) {
    errors
    projectSecretsManager {
      ciSecretsMountPath
      project {
        id
        name
      }
      status
    }
  }
}

Query to check the status

query {
  projectSecretsManager(projectPath: "path/to/project") {
    status # ACTIVE / PROVISIONING
    project {
      id
    }
    ciSecretsMountPath
  }
}
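
One way the frontend could drive the mutation and status query above, as an added example that is not GitLab's own code. `gqlFetch`, the `ID!` variable type, the backoff values and the attempt limit are assumptions; the toggle is reported as enabled only on ACTIVE, and mutation errors, an unknown status, or a timeout all fail closed.

```javascript
// Added example. `gqlFetch(query, variables)` is a hypothetical transport that
// resolves to the GraphQL `data` object; the `ID!` variable type is assumed.
const ENABLE = `mutation($path: ID!) {
  projectSecretsManagerInitialize(input: {projectPath: $path}) {
    errors
    projectSecretsManager { status }
  }
}`;
const STATUS = `query($path: ID!) {
  projectSecretsManager(projectPath: $path) { status }
}`;

// Pure decision step: map a reported status to what the toggle should do next.
function nextAction(status) {
  if (status === 'ACTIVE') return 'done';
  if (status === 'PROVISIONING') return 'wait';
  return 'fail'; // null or an unknown status: never treat it as enabled
}

// Delay before poll number `attempt` (0-based): doubles from baseMs, capped.
function backoffMs(attempt, baseMs = 1000, maxMs = 15000) {
  return Math.min(maxMs, baseMs * 2 ** attempt);
}

async function enableSecretsManager(gqlFetch, path, opts = {}) {
  const { maxAttempts = 10, sleep = (ms) => new Promise((r) => setTimeout(r, ms)) } = opts;
  const init = (await gqlFetch(ENABLE, { path })).projectSecretsManagerInitialize;
  // The mutation reports failures in `errors`; surface them instead of polling.
  if (init.errors && init.errors.length) {
    throw new Error(`initialize failed: ${init.errors.join('; ')}`);
  }
  let status = init.projectSecretsManager && init.projectSecretsManager.status;
  for (let attempt = 0; ; attempt += 1) {
    const action = nextAction(status);
    if (action === 'done') return status;
    if (action === 'fail') throw new Error(`unexpected status: ${status}`);
    if (attempt >= maxAttempts) throw new Error('timed out while PROVISIONING');
    await sleep(backoffMs(attempt));
    const data = await gqlFetch(STATUS, { path });
    status = data.projectSecretsManager && data.projectSecretsManager.status;
  }
}
```

Passing `sleep` through `opts` lets a spec replace the real timer, so the polling sequence can be checked without waiting.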

Setting up OpenBao on GDK

  1. Enable the feature flags ci_tanukey_ui and secrets_manager.
  2. Install OpenBao.
    brew install openbao
  3. Follow the instructions in #470143 (comment 1984247205). The OpenBao server must be running and the vault unsealed.

Links/References

📌 Design SSOT: Figma link

📌 Backend issue: #469580 (closed)

Edited by Mireya Andres