Set up a credential for data protection that allows you to create a target location that uses a self-provisioned storage location that you create and maintain (either in your cloud provider account or in an on-premises data center).
To create backups using Tanzu Mission Control and save them in your self-provisioned storage (AWS S3 or S3-compatible or Azure Blob), you must first create a credential object that stores access credentials for the storage location.
Prerequisites
Before you set up a data protection credential that provides access to self-provisioned storage, make sure you have access to the account and that you have the credentials to access it.
Also make sure you have the appropriate permissions to create the credential object.
- To create a data protection credential, you must be associated with the organization.credential.admin role.
Procedure
- In the Tanzu Mission Control console, click Administration in the left navigation pane.
- On the Accounts tab of the Administration a page, click Create Account Credential, and then select the type of credential to create.
- For S3-compatible storage, choose Self provisioned storage: AWS S3 or S3-compatible.
- For Azure Blob storage, choose Self provisioned storage: Azure Blob.
- On the Create credential page, provide a name for the credential.
The name that you enter is the name that appears in the list of credential objects on the Accounts tab of the Administration page.
- Provide the credentials required to access the storage location.
For AWS S3 or S3-compatible storage:
- Enter the access key ID and secret access key for your S3-compatible storage.
For Azure Blob storage:
- Enter the following identifiers for the Blob storage in your Azure account:
- subscription ID
- tenant ID
- resource group
- client ID
- Enter your client secret key.
- Select the name of your Azure cloud from the dropdown list.
For more information about setting up your
Azure subscription and retrieving the values for these fields, see
Account Setup for Azure Blob Target Location.
- After you finish configuring the access details for your storage account, click Create.
Results
After you complete this procedure, you have a credential that you can use to create a target location for data protection that points to a self-provisioned storage location. You can see your new credential listed on the Administration page in the Tanzu Mission Control console, and can choose that credential when you create a target location.
Note: The flags that you use when creating a data protection credential using the command line in
Tanzu Mission Control Self-Managed differ from those you use for SaaS. Use the a command like the following to create a data protection credential:
tmc account credential create --capability DATA_PROTECTION --provider GENERIC_S3 --aws-access-key-id my-id --aws-secret-access-key "my-secret-key" --name my-aws-credential
Make sure you replace the values in this example with the appropriate strings for your situation.