Scribd Logo
Upload

Welcome to Scribd!

  • CR - Secrets Manager With KMS

    Uploaded by

    rahul.ps
    30 views4 pages
    1. This document is a change request form to enable APIs, add roles, and create secrets in the Secret Manager on the HDFC Ergo production infrastructure. 2. The changes implemented include enabling the Secrets Manager and Cloud Key Management Service APIs, and adding roles to a workload identity to allow access to secrets. 3. Parameters for acceptance and stakeholders are listed, along with dependent applications, reasons for change, and approval requirements.

    Original Description:

    Original Title

    CR - Secrets Manager with KMS (4)

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1. This document is a change request form to enable APIs, add roles, and create secrets in the Secret Manager on the HDFC Ergo production infrastructure. 2. The changes implemented include enabling the Secrets Manager and Cloud Key Management Service APIs, and adding roles to a workload identity to allow access to secrets. 3. Parameters for acceptance and stakeholders are listed, along with dependent applications, reasons for change, and approval requirements.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    30 views4 pages

    CR - Secrets Manager With KMS

    Uploaded by

    rahul.ps
    1. This document is a change request form to enable APIs, add roles, and create secrets in the Secret Manager on the HDFC Ergo production infrastructure. 2. The changes implemented include enabling the Secrets Manager and Cloud Key Management Service APIs, and adding roles to a workload identity to allow access to secrets. 3. Parameters for acceptance and stakeholders are listed, along with dependent applications, reasons for change, and approval requirements.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 4

    Change Request / Verification Note (to be filled by HDFC Ergo)

    (Please note: Fields highlighted with (*) are mandatory)


    Change Request (CR) No. &
    Web Prompt ID and Date
    Date *
    Change Initiated By * Department*
    CR Title *
    Revision History

    Ver No. Prepared / Updated by Reviewed By Review Date Brief Review Comment

    Varun R P Abhishek Badjatia


    CR Description (in detail)

    Features/changes implemented in the current prod infrastructure

    1. Enable the Below APIs:


    a. Secrets Manager
    b. Cloud Key Management Service (KMS) API
    2. Add the below roles to the PRODUCTION Workload Identity: here-app-workload-identity-use@prj-srv-here-app-prodfa.iam.gserviceaccount.com
    a. Roles:
    i. Secret Manager Secret Accessor
    ii. Secret Manager Secret Version Adder
    iii. Secret Manager Viewer

    3. Create secrets in Secret Managers on Production


    4. Add Secret Manager Secret Accessor role to the below users to view the secrets in GCP console:
    a. Sanket (sanket.pahuja1@hdfcergo.com)
    b. Ayush (Ayush.Shukla1@hdfcergo.com)
    c. Darshan (Darshan.G@hdfcergo.com)

    Note: KMS key which will be used for encryption and decryption of the data.

    Business Case *

    Parameter for Acceptance*


    Stakeholder’s Information

    Primary Stakeholder’s Information: *

    Date Name Department Remarks

    Secondary Stakeholder’s Information: P3undant

    Date Name Department Remarks

    Dependant Applications: (for use by HDFC ERGO IT Team)


    Application Application Owner Impact Sign Off From (Impact = Yes)
    Yes/No
    Yes/No
    Yes/No
    Yes/No

    Yes/No
    Yes/No
    Yes/No

    Yes/No

    Yes/No
    Yes/No
    Yes/No
    Yes/No
    Yes/No
    Yes/No

    Attachments To be filled in by User


    Reason for Change* To be filled in by Regulatory Request  Business Need  Requirements Omission
    User Requirements Capture Error  Others
    Business Criticality* To be filled in by
     Showstopper  High  Medium Low
    User
    Process Note RequiP3* To be filled in
     Yes No
    by User
    Reason for Process Note*
    ( Irrespective whether Process Note
    RequiP3 Yes or No) To be filled in by
    User
    Is there a work around suggested to
    circumvent the issue if not as desiP3?
    If Yes, please tell briefly
    Rollback plan for each application is maintained and can be referP3 at
    Roll back plan guidelines Estecker->Applications->Process Alert->IT

    Roll Back Plan (Specific to this CR) e.g. Update table abcccc set status=’Y’ where parameterid=”Interconnect”;

    If not applicable general roll back


    plan will be applicable
    In case of unavailability of common
    roll back plan, full details of roll back
    to be specified here...
    Security Assessment (Applicable CISO approval certificate to be attached
    Complex/ Project CR )

    Approval from head to be attached in case of Complex/Project


    Infra

    Approval from head to be attached. For complex /project – Head IT is mandatory


    IT Approver

    Approval from head to be attached


    Business approver

    You might also like