Configuring IBM Cloud Object Storage for storing evidence
Complete these steps to create an IBM Cloud Object Storage instance and IBM Cloud Object Storage bucket to store evidence that is used by the IBM Cloud DevSecOps pipelines.
Create a Cloud Object Storage instance
Create an IBM Cloud Object Storage instance.
Create a Cloud Object Storage bucket
In Cloud Object Storage, files are grouped in buckets. You might think of buckets like directories, except that no subdirectories are in buckets.
- In Cloud Object Storage, click Buckets.
- Click Create bucket.
- Choose the Customize your bucket option.
- Give the bucket a unique, memorable name to help you remember what the bucket is for. Over time, you might create many buckets.
- Set Resiliency to Regional. Regional resiliency has the best performance with the lowest cost. However, if the ability to survive a regional outage is essential, set the resiliency to "Cross Region."
- For best performance, set Location to the same location as your toolchain location.
- Usually, the default for Storage class is suitable for use, so you don't need to use ADVANCED CONFIGURATION.
Create a service credential
- In Cloud Object Storage, click Service Credential.
- Click New Credential.
- Select Include HMAC Credential to include HMAC keys in the credential.
- Provide the details:
- Name: Name of the credential.
- Role: Role for the credential. The Object writer and Reader role is suggested for handling evidence.
Provide bucket access to the service credential
- In Cloud Object Storage, click Buckets.
- Select the bucket that was created in the previous step.
- Click Access policies, and select the Service IDs option
- Select the service credential that was created in the previous step, and select the Object writer and Reader role.
- Click Create Access Policy.
Copy the API Key of the service credential
- In Cloud Object Storage, click Service Credential.
- Click expand the service credential to view the apikey.
- Note the apikey because you need it later when setting up your DevSecOps pipelines.