ibm-cloud-docs / vpc

Documentation repository for vpc

Clarification on creating authorization policies #105

Closed cloudpitchford closed 2 years ago

cloudpitchford commented 2 years ago

Can you detail the process for setting up authorization policies with screencaptures or to the IAM docs?

This is an important part of BYOK, and authorization targeting Key Protect is required in order to use encryption in this manner. Thanks!

gudrun-wolfgram commented 2 years ago

@cloudpitchford - thanks for your feedback. Do you have a link handy to the page you're referring to? Thanks!

cloudpitchford commented 2 years ago

Here's the IAM page: https://cloud.ibm.com/iam/authorizations/grant as a resource documenting how to grant an authorization policy between a source and a Key Protect instance as a target. It turned out that a specific request required using the CLI command to make it work: `ibmcloud iam authorization-policy-create <source> <target> <role> --target-service-instance-id <key protect instance id>`, but maybe the UI in production supports this?

amatetic commented 2 years ago

Thank you for your feedback. We will take a closer look at your comments in an upcoming sprint.

cloudpitchford commented 2 years ago

I'm checking out https://test.cloud.ibm.com/docs/vpc?topic=vpc-vpc-encryption-planning&interface=cli#byok-volumes-prereqs as suggested by @amatetic!

amatetic commented 2 years ago

Per discussion in Slack, closing the GitHub issue. If there are further documentation concerns, Chris will contact me directly and it will be tracked internally.