IBM Cloud Docs
Configuring Cloud Object Storage

Configuring Cloud Object Storage

IBM Cloud® Object Storage is used to securely store large volumes of data, ensuring compliance and optimizing cost. You can integrate IBM Cloud Object Storage Bucket to store evidence. You can also use this tool integration for specific storage requirements of your toolchains.

Prerequisites

You must make sure that you complete the following steps before you integrate your toolchain with a Cloud Object Storage Bucket.

  1. You must have an instance of Cloud Object Storage, a bucket instance to add the Cloud Object Storage Bucket tool to your toolchain.

  2. To authenticate your Cloud Object Storage Bucket, you can use an API Key or an HMAC Key. You must choose the suitable authentication method, depending on your requirement.

  3. You can choose to create service credentials for the Cloud Secrets Manager instance under the Service credentials tab.

  4. You can create Secrets Manager instance to store service credentials created earlier. Integrate the Secret Manager tool with your toolchain and point the Secrets Manager instance and the secrets that are created before to this integration.

To store and access evidence or other artifacts securely for your toolchain, configure Cloud Object Storage Bucket:

  1. If you are configuring this tool integration as you are creating the toolchain, and a Cloud Object Storage Bucket exists, within the template that you are configuring, click the Cloud Object Storage Bucket tab. Alternatively, in the More tools section, click Cloud Object Storage Bucket.

  2. If you have a toolchain and are adding this tool integration to it, from the IBM Cloud console, clicks the hamburger icon > Platform Automation > Toolchains. On the Toolchains page, click the toolchain to open its Overview page. Alternatively, on your app's Overview page, on the Continuous delivery card, click View toolchain. Then, click Overview.

    a. Click Add.

    b. In the Tool Integrations section, click Cloud Object Storage Bucket.

  3. Type a Name to identify the Cloud Object Storage Bucket integration.

  4. Select the Authentication type according to your requirements. If you are using API Key for authentication, provide Cloud Object Storage API Key and the Cloud Object Storage instance. If you are using an HMAC for authentication, provide an Access Key ID and Secret Access Key for the HMAC. You can create service credentials for both of these authentication methods for your Cloud Object Storage instance. You can refer to these values directly as literals. However it is recommended to use Secrets Manager integration that has these secrets that are stored. You can then select these secrets from a secret store for authentication.

  5. Type Bucket name and Endpoint that is defined for the corresponding Cloud Object Storage instance.

  6. Click Create Integration.

Configuring Cloud Object Storage Bucket by using the API

The IBM Cloud Object Storage Bucket tool integration supports the following configuration parameters that you can use with the Toolchain HTTP API and SDKs when you create, read, and update tool integrations.

You must specify the tool_type_id property in the request body with the cloudobjectstorage value.

IBM Cloud Object Storage Bucket tool integration parameters
Parameter Usage Type Description
name required, updatable String The name used to identify this tool integration.
auth_type required, updatable String The authentication type. Pass apikey for IBM Cloud API Key or hmac for HMAC (Hash Message Authentication Code).
cos_api_key required, updatable String For auth_type as apikey, pass cos_api_key to authenticate access to the Cloud Object Storage instance or instance_crn.
instance_crn required, updatable String A reference to the existing Cloud Object Storage instance.
bucket_name required, updatable String The name of your Cloud Object Storage bucket.
hmac_access_key_id required, updatable Password HMAC Access Key defined for an HMAC Key. HMAC is identified by a combination of Access Key ID and Secret Access Key. It is associated with the Cloud Object Storage instance.
hmac_secret_access_key required, updatable Password Secret Access Key defined for an HMAC Key. HMAC is identified by a combination of Access Key ID and Secret Access Key. It is associated with the Cloud Object Storage instance.
endpoint required, updatable String Endpoint defined for Cloud Object Storage instance. Options are public, direct, private