Skip to content

Onboarding - What to Expect#

This document is to describe to Service Teams (customers) what they can expect from the DevEx Team when onboarding to HCP Vault.

Pre-Onboarding Steps#

  1. Service Team: Fill out the Service Level Readiness form for Vault. The DevEx Team will schedule a meeting to discuss use cases and next steps
  2. DevEx Team: Provide documentation to Service Team that includes:
    1. Internal Vault Documentation
    2. HashiCorp (vendor) Documentation
    3. RACI
  3. DevEx Team: Creates a Target Process story to track the work and determine the availability of resources and agreed upon timeline within both of the teams to complete the onboarding process.

Onboarding Steps#

  1. DevEx Team: Schedule an initial meeting (30 minutes) to go over the following:
    1. Discuss Service Team's current use of secrets
    2. Discuss Service Team's scope and use cases
    3. Brief overview of Vault
    4. Describe namespaces and discuss need for sub-namespaces
    5. Demonstrate Grouper Structure for Namespace Management
  2. Service Team/DevEx Team: Add team to the #hcp-vault slack channel for support and community discussion within the University
  3. Service Team: Submit the Vault Namespace Google Form to get a namespace created for Service Team's CESI unit.
    1. Please specify who will have update access within Grouper to control which users can be added/removed from their created group for namespace access.
  4. Service Team: Submit the Vault Sub-namespace Google Form to create any sub-namespaces that may be required Sub-namespaces are for CESI groups that have subteams within them that require further isolation of secrets.
  5. DevEx Team: Work with IAM to create the necessary grouper groups and provision the new namespace in Vault. DevEx Team with notify the Service Team when the namespace is ready.
  6. Service Team: A member or manager of the Service Team who was provisioned with update access in grouper in step 3 will add team members to grouper so they can access vault.
  7. DevEx Team: Schedule an onboarding meeting (30 minutes) to go over the following:
    1. How to log into Vault and access the Service Team's new namespace(s)
      1. CLI access
      2. GUI access
    2. Describe Vault's features and pre-configured namespace items (secrets engines, policies, etc.)
    3. Demo Vault functionality and show sample repo
    4. Begin discussing potential use cases and timeline of work with the Service Team
    5. Answer any other questions by the Service Team
  8. DevEx Team: Schedule 1-2+ (1 hour) meetings to guide the Service Team through 1-2 use cases. During these sessions the DevEx Team will go over:
    1. Vault Auth Methods & Vault Policies
    2. Either technical discussions or hands on work to enable one or two specific secrets use cases of the Service Team.
    3. Other best practices
  9. Service Team: Feel free to reach out to the DevEx Team at devex@umn.edu to schedule any follow up sessions.