Once it's possible to configure the service broker to use space-level Host identities (per the linked issues above) we should update the documentation to describe how to use this workflow. This will essentially boil down to:
- Set `ENABLE_SPACE_IDENTITY=true` when deploying the Conjur service broker.
- Pass the `identity: space` param when binding an app to the Conjur service
[ ] Describe the upgrade requirements (if there are any special ones)
[ ] Describe what the process is if you need to rotate a host API key that is being used by a PCF host. Roughly it seems to be:
  - Rotate API key
  - Update API key stored in policy in the space policy branch
  - Rebind all apps to Conjur. This can be done with blue/green deploys - redeploy new "versions" of all apps to force new binds / receive new credentials, and reroute system to new versions of apps (if this is not done and an app restarts, it will be unable to retrieve secrets from Conjur)
[ ] Update the screenshot of the tile config, since it will have a new configuration option
Depends on https://github.com/cyberark/conjur-service-broker/issues/103

Depends on https://github.com/cyberark/conjur-service-broker/issues/104