Cloud Credentials

The Scalr cloud credential feature is an easy and secure (encrypted using AES 256) way to automatically pass provider credentials to your workspaces from a centrally managed location. Like most objects in Scalr, credentials are managed at the account scope and then assigned to environments. You can add as many credentials per cloud as you want and the credentials need to be assigned to an environment where all workspaces within that environment will inherit the credentials. Credentials can be shared across one or more environments, but only one credential per cloud type can be used in each environment. Users at the workspace level will see that credentials exist, but cannot view them. When a Terraform run is executed within a workspace the cloud credential will automatically be passed to the run as a shell variable.

If you are using a provider in which Scalr does not have a cloud credential option for, you can use the shell variable option to achieve similar functionality.

Configuring Credentials

Configuring cloud credentials in Scalr is a three step process:

  1. Create the cloud credentials at the account scope by clicking on manage account:

_images/manage_account_creds.png
  1. Click on the Scalr icon on the top left and select cloud credentials:

_images/cloud_creds.png
  1. Lastly, link the cloud credentials to the required environments:

_images/link_creds.png

Environments can be linked to multiple clouds, but there can only one set of credentials per cloud type per environment. Scalr currently supports cloud credentials for the following providers. Click the links for guidance on configuring access in these clouds.

Credentials for other providers can be added manually to workspaces by adding shell variables via the variables tab.

Using Cloud Credentials

You will see the credentials automatically shared with workspaces once they have been linked to the environment that the workspace is in:

_images/ws_provider_vars.png

The credential parameters can no be omitted from the Terraform configuration as seen in this AWS example:

provider "aws" {
  region     = var.region
}