aescbc: keys: - name: key1 secret: <32-byte base64 encoded string> - identity: {} Where aescbc is the key type, and secret is populated with a 32-byte base64 encoded string aescbc: keys: - name: key1 secret: <32-byte base64 encoded string> - identity: {} Where secret is the 32-byte base64-encoded string generated in the first step. 1.1.3 - Install 3.2.2 - Configure an Identity Provider for Authentication Profile Applicability Level 1 Description When running Rancher in a production environment, configure an identity provider for authentication

user interface for configuring it or applying it globally across user clusters. Google provides an Identity Service that can be used across any platform where GKE or Anthos clusters can run, providing a given by the admins. The Identity Service can be connected to GCP to connect to the clusters using the Google Cloud ID. The Identity Service is compatible with OIDC protocol identity systems in any platform

supported; Identity providers supported, Built-in OAuth service for integration with multiple identity providers, Integration with AD, OpenLDAP, and FreeIPA; OAuth and SAML identity providers

productivity HashiCorp Vault Provides the foundation for cloud security that leverages trusted sources of identity to keep secrets and application data secure ● Secrets management to centrally store and protect rivileged-access-management Vault Workflow Overview Vault Principles API (HTTP Rest / KMIP) Identity Policy / Governance Audit Dynamic Secrets Static Secrets (Versioned) Crypto as a Service