Skip to content

Onboarding - What to Expect#

This document is to describe to Service Teams (customers) what they can expect from the DevEx Team when onboarding to HCP Vault.

Pre-Onboarding Steps#

  1. Service Team: Fill out the Service Level Readiness form for Vault. The DevEx Team will schedule a meeting to discuss use cases and next steps
  2. DevEx Team: Provide documentation to Service Team that includes:
    1. Internal Vault Documentation
    2. HashiCorp (vendor) Documentation
    3. RACI
  3. DevEx Team: Creates a Target Process story to track the work and determine the availability of resources and agreed upon timeline within both of the teams to complete the onboarding process.

Onboarding Steps#

  1. DevEx Team: Schedule an initial meeting (30 minutes) to go over the following:
    1. Discuss Service Team's current use of secrets
    2. Discuss Service Team's scope and use cases
    3. Brief overview of Vault
    4. Describe namespaces and discuss need for sub-namespaces
    5. Demonstrate Grouper Structure for Namespace Management
  2. Service Team/DevEx Team: Add team to the #hcp-vault slack channel for support and community discussion within the University
  3. Service Team: Submit the Vault Namespace Google Form to get a namespace created for Service Team's CESI unit.
    1. Please specify who will have update access within Grouper to control which users can be added/removed from their created group for namespace access.
  4. Service Team: Submit the Vault Sub-namespace Google Form to create any sub-namespaces that may be required Sub-namespaces are for CESI groups that have subteams within them that require further isolation of secrets.
  5. DevEx Team: Work with IAM to create the necessary grouper groups and provision the new namespace in Vault.
    1. DevEx team sends an email to service team with instructions on adding users to grouper and how to get started once the namespace is provisioned.
  6. Service Team: A member or manager of the Service Team who was provisioned with update access in grouper will add team members to grouper so they can access vault.
  7. Service Team: Can reach out to the DevEx Team at devex@umn.edu to schedule any follow up sessions.