Identities

What is an Identity?

A Workload Identity, also known simply as an Identity, is part of a cloud provider's Identity and Access Management (IAM). It lets your application access cloud resources such as S3, BigQuery, or other services securely. You provide a token or ID (depending on your cloud provider), and Pergola makes that Identity available within the runtime of your application, so you can use it to authenticate with your cloud resources, eliminating the need for pre-shared secrets or passwords.

Identity types

Pergola supports the designated identity types of the cloud providers:

info

You can add multiple cloud identities to one Identity, but only one per cloud vendor.

How to set an Identity

Example for Web UI

Navigate to your Project on the start page or under the 'Projects' navigation, click the Stage you want to add the Identity to, and click 'CONFIG MANAGEMENT':

On the right side, choose the 'IDENTITY' tab. Click '+ NEW IDENTITY', provide a name for your Identity, choose the cloud provider, and fill in the required fields:

info

The Identity's name you provide here is the reference (identity) you use within your Project Manifest.

Now hit 'SAVE' and voilà, you are done.

Example for CLI

pergola add config-identity -p my-new-project -s my-new-stage --identity my-identity --aws-role-arn arn:aws:iam::123456789012:role/my-role

tip

You can retrieve existing Identities, including the new one just created, via:

pergola list config-identity -p pergola-log-service -s dev default
┌───────────────────────────────────────────────────────────────────┐
| identity | iam |
| ───────────────────────────────────────────────────────────────── |
| my-identity | AWS: arn:aws:iam::123456789012:role/my-aws-iam-role |
| ───────────────────────────────────────────────────────────────── |
└───────────────────────────────────────────────────────────────────┘

The name my-identity you see here is the reference (identity) you use within your Project Manifest.
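Because the Identity name in the manifest decides which IAM role your workload assumes, it is worth checking that the name is bound to the role you intended. The following is an added example, not part of the Pergola documentation or CLI: the function names are hypothetical, and it assumes the listing keeps the table layout shown above.

```shell
#!/bin/sh
# Added example: confirm a Pergola Identity is bound to the intended IAM role.
# Assumption: the listing uses the "| identity | iam |" layout shown above.

# Constructed sample input, shaped like the listing shown above.
SAMPLE_LISTING='┌──────────────┐
| identity | iam |
| ──────────── |
| my-identity | AWS: arn:aws:iam::123456789012:role/my-aws-iam-role |
| ──────────── |
└──────────────┘'

# Succeeds only for a well-formed IAM role ARN (12-digit account, role/ path).
valid_role_arn() {
  printf '%s\n' "$1" |
    grep -Eq '^arn:aws(-[a-z]+)*:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'
}

# Reads a listing on stdin and prints the AWS ARN bound to identity $1.
# Prints nothing when the identity is not listed or has no AWS entry.
identity_arn() {
  awk -F'|' -v name="$1" '
    { id = $2; iam = $3
      gsub(/^[ \t]+|[ \t]+$/, "", id)
      gsub(/^[ \t]+|[ \t]+$/, "", iam)
      if (id == name && sub(/^AWS:[ \t]*/, "", iam)) { print iam; exit } }'
}

# check_identity NAME EXPECTED_ARN < listing
# Exit status: 0 = bound to the expected role, 1 = bound to a different role,
#              2 = identity not listed, 3 = expected ARN is malformed.
check_identity() {
  valid_role_arn "$2" || return 3
  actual=$(identity_arn "$1")
  [ -n "$actual" ] || return 2
  [ "$actual" = "$2" ] || return 1
}

# Usage, with the commands from this page:
#   pergola list config-identity -p my-new-project -s my-new-stage |
#     check_identity my-identity arn:aws:iam::123456789012:role/my-role
```

A status of 1 means the name resolves to a different role than the one you expect, which is the case to catch before a manifest references it.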

For further options, see the CLI reference.