
This guide outlines how Zilla manages the credentials for your systems connected to PO Box.

How We Pull Credentials

PO Box calls home frequently via an outbound API call to Zilla's AWS infrastructure. If a sync is due, PO Box pulls its configuration from AWS Secrets Manager, where we securely store all credentials.

See below for how to configure PO Box applications in Zilla.

Installation

Note: if there are brackets inside a code snippet, you will need to replace them with a value. For instance, if the code says to enter CREATE USER {username}, you will need to replace {username} with the proper value.

Store the Credentials Securely Within Zilla’s infrastructure

The recommended way to store config info is to create applications in Zilla and place the information we need there. This is recommended for on-prem deployments of PO Box that connect to a MySQL database, a PostgreSQL database, or an on-prem Active Directory.

For Active Directory

  1. Log in to Zilla as an Administrator.

  2. Add a new application.

  3. Search for On Premise AD, then add an instance to Zilla.

  4. Add a Business Owner (the person reviewing access for the app) and a Technical Owner (the person setting up syncs and revoking access), then select Add to Applications.

  5. Select the gear icon at the top right of the screen.

  6. Fill out the config we need to connect to Active Directory and pull users. The fields are outlined below:

    1. Frequency - How often should we pull users?

    2. Server URI - The URI of the server hosting your Active Directory. The value of this config should be ldap://{Server IP}. Be sure to replace the bracketed part with the IP of the server that hosts your Domain Controller and Active Directory.

    3. Search Base - The tree you would like to pull users from in AD. We generally recommend selecting the highest-level tree in your AD so that we pull all of your AD users. If your domain is zsec.io, the value of this config would be dc=zsec,dc=io.

    4. Login User - The username of the service account you created in Active Directory. For more info on how to do this, please see this guide. Be sure to include the full email of the account. For example, if you created an account called zilla-svc and your forest's domain is access-ventures.com, the value for this config should be zilla-svc@access-ventures.com.

    5. Login Password - The password for the service account you created in AD.

Note: usernames and passwords stored in your Zilla config are always encrypted using AWS Secrets Manager.

For MySQL Databases

  1. Log in to Zilla as an Administrator.

  2. Add a new application.

  3. Search for MySQL, then add an instance to Zilla.

  4. Add a Business Owner (the person reviewing access for the app) and a Technical Owner (the person setting up syncs and revoking access), then select Add to Applications.

  5. Select the gear icon at the top right of the screen.

  6. Fill out the config we need to connect to the database and pull users. The fields are outlined below:

    1. Frequency - How often should we pull users?

    2. Database Server Host - The hostname or IP of the database server.

    3. Database Server Port - The port that PO Box will send queries over. By default, MySQL uses port 3306.

    4. Database Name (optional) - By default, Zilla pulls users at the system level; however, if you would also like to pull from a specific database, enter the name of that database and we will also pull any database-level users. Please note: you will need to grant SELECT access to the service account you created for this to work.

    5. Database User - The username of the service account you created. Please see here for more details.

    6. Database Password - The password for the service account you created.

For PostgreSQL Databases

  1. Log in to Zilla as an Administrator.

  2. Add a new application.

  3. Search for PostgreSQL, then add an instance to Zilla.

  4. Add a Business Owner (the person reviewing access for the app) and a Technical Owner (the person setting up syncs and revoking access), then select Add to Applications.

  5. Select the gear icon at the top right of the screen.

  6. Fill out the config we need to connect to the database and pull users. The fields are outlined below:

    1. Frequency - How often should we pull users?

    2. Database Server Host - The hostname or IP of the database server.

    3. Database Server Port - The port that PO Box will send queries over. By default, PostgreSQL uses port 5432.

    4. Database Name - The name of the database you want to pull users from.

    5. Database User - The username of the service account you created. Please review Creating Service Accounts For PO Box for more details.

    6. Database Password - The password for the service account you created.

Note: if you have multiple databases that you would like to review access to, you will need to add an application per database by repeating steps 1-6 in this section. You can use the same service account so long as you have granted SELECT access to that account for all the databases you’d like to add to Zilla.
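As an added example (not Zilla's or PO Box's own code), the following Python performs the pre-flight checks a Technical Owner could run on the values from the Active Directory, MySQL and PostgreSQL steps above before entering them in Zilla: it derives the Search Base from a domain as the guide describes, checks the Server URI and the full-email form of the Login User, and applies the 3306/5432 port defaults. The dictionary keys are assumed names chosen to mirror the guide's field labels.

```python
"""Pre-flight checks for the PO Box application settings described in this
guide (added example, not Zilla's own code). Dict keys are assumed names
chosen to mirror the guide's field labels."""
import re
from urllib.parse import urlsplit

DEFAULT_PORT = {"mysql": 3306, "postgresql": 5432}  # defaults stated in the guide
RDN = re.compile(r"^(dc|ou|cn)=[^,=]+$", re.IGNORECASE)


def search_base_for_domain(domain: str) -> str:
    """Derive the recommended Search Base: zsec.io -> dc=zsec,dc=io."""
    labels = [p for p in domain.strip().lower().split(".") if p]
    if len(labels) < 2:
        raise ValueError(f"expected a DNS domain such as zsec.io, got {domain!r}")
    return ",".join(f"dc={p}" for p in labels)


def check_ad_config(cfg: dict) -> list[str]:
    """Return the problems found in an On Premise AD config (empty means OK)."""
    problems = []
    uri = urlsplit(cfg.get("server_uri", ""))
    # The guide shows ldap://{Server IP}; ldaps:// is the TLS variant of the same scheme.
    if uri.scheme not in ("ldap", "ldaps") or not uri.hostname:
        problems.append("Server URI must be of the form ldap://{Server IP}")
    base = cfg.get("search_base", "")
    if not base or not all(RDN.match(part.strip()) for part in base.split(",")):
        problems.append("Search Base must be a DN such as dc=zsec,dc=io")
    user = cfg.get("login_user", "")
    if user.count("@") != 1 or "." not in user.rsplit("@", 1)[1]:
        problems.append("Login User must be the full UPN, e.g. zilla-svc@access-ventures.com")
    if not cfg.get("login_password"):
        problems.append("Login Password is required")
    return problems


def check_db_config(engine: str, cfg: dict) -> list[str]:
    """Return the problems found in a MySQL or PostgreSQL config (empty means OK)."""
    problems = []
    if not cfg.get("host"):
        problems.append("Database Server Host is required")
    port = cfg.get("port", DEFAULT_PORT[engine])  # blank port -> engine default
    if not (isinstance(port, int) and 0 < port < 65536):
        problems.append("Database Server Port must be 1-65535")
    if engine == "postgresql" and not cfg.get("database"):
        problems.append("Database Name is required for PostgreSQL")
    if not cfg.get("user") or not cfg.get("password"):
        problems.append("Database User and Database Password are required")
    return problems
```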
