From 35c2bce900a28280a6d6aac8951f5992ed932101 Mon Sep 17 00:00:00 2001
From: Eamonn Mansour <47121388+eamansour@users.noreply.github.com>
Date: Fri, 1 Nov 2024 11:41:04 +0000
Subject: [PATCH] docs: Add docs on rotating encryption keys and managing
 secrets

Signed-off-by: Eamonn Mansour <47121388+eamansour@users.noreply.github.com>
---
 src/data/nav.yaml                             |   6 +-
 .../ecosystem/ecosystem-installing-k8s.md     |  34 +++
 .../ecosystem/ecosystem-manage-cps-yaml.md    | 115 ----------
 .../docs/ecosystem/ecosystem-manage-creds.md  | 156 +++++++++++++
 .../ecosystem/ecosystem-manage-resources.md   | 206 ++++++++++++++++++
 .../docs/ecosystem/ecosystem-update-creds.md  | 151 -------------
 6 files changed, 399 insertions(+), 269 deletions(-)
 delete mode 100644 src/markdown-pages/docs/ecosystem/ecosystem-manage-cps-yaml.md
 create mode 100644 src/markdown-pages/docs/ecosystem/ecosystem-manage-creds.md
 create mode 100644 src/markdown-pages/docs/ecosystem/ecosystem-manage-resources.md
 delete mode 100644 src/markdown-pages/docs/ecosystem/ecosystem-update-creds.md

diff --git a/src/data/nav.yaml b/src/data/nav.yaml
index 1a68300c..cd7012ba 100644
--- a/src/data/nav.yaml
+++ b/src/data/nav.yaml
@@ -97,9 +97,9 @@
             - title: Configuring authentication
               path: /docs/ecosystem/ecosystem-authentication
             - title: Configuring an Ecosystem using resource files
-              path: /docs/ecosystem/cps-yaml  
-            - title: Updating credentials in an Ecosystem
-              path: /docs/ecosystem/ecosystem-update-creds 
+              path: /docs/ecosystem/resources-yaml  
+            - title: Managing credentials in an Ecosystem
+              path: /docs/ecosystem/ecosystem-manage-creds 
             - title: Managing configuration properties
               path: /docs/ecosystem/ecosystem-manage-cps              
         - title: Managing tests in a Galasa Ecosystem
diff --git a/src/markdown-pages/docs/ecosystem/ecosystem-installing-k8s.md b/src/markdown-pages/docs/ecosystem/ecosystem-installing-k8s.md
index 8017400e..bb6d0508 100644
--- a/src/markdown-pages/docs/ecosystem/ecosystem-installing-k8s.md
+++ b/src/markdown-pages/docs/ecosystem/ecosystem-installing-k8s.md
@@ -236,6 +236,40 @@ where:<br>
 - `galasaVersion` is set to the version that you want to use and<br>
 - `<release-name>` is the name that you gave to the Ecosystem during installation
 
+## Rotating Encryption Keys
+
+To maintain the security of your Galasa Ecosystem, you may wish to replace the encryption key being used to encrypt credentials in the Galasa Ecosystem's credentials store with a new encryption key, and re-encrypt all your existing credentials using the new key.
+
+**Before proceeding to rotate encryption keys, it is highly recommended to make a backup of the existing credentials stored in your Galasa Ecosystem by running the following command using the Galasa CLI tool:**
+
+```console
+galasactl secrets get --format yaml > /path/to/backup/file.yaml
+```
+
+**where `/path/to/backup/file.yaml` is either an absolute or relative path of your choice to a file where the backup will be stored.**
+
+For Linux and macOS, you can download and run the <a href=https://github.com/galasa-dev/helm/blob/main/rotate-encryption-keys.sh target="_blank" rel="noopener noreferrer">rotate-encryption-keys.sh</a> script via the command-line to simplify the process of rotating encryption keys and re-encrypting credentials.
+
+This script requires the following command-line utilities to be installed:
+
+- [kubectl](https://kubernetes.io/docs/tasks/tools) (v1.30.3 or later)
+- [galasactl](../cli-command-reference/installing-cli-tool.md) (0.38.0 or later)
+- openssl (3.3.2 or later)
+
+The following flags can be supplied when running the script:
+- `--release-name <name>` **Required**. The helm release name provided when installing the Galasa Ecosystem helm chart (see [Installing your Galasa Ecosystem](#installing-your-galasa-ecosystem))
+- `--namespace <namespace>` Optional. The Kubernetes namespace where your Galasa Ecosystem is installed
+- `--bootstrap <bootstrap-url>` Optional. The bootstrap URL of the Galasa Ecosystem that is being serviced. Not required if the `GALASA_BOOTSTRAP` environment variable is set and is pointing to the correct bootstrap URL. Overrides the existing `GALASA_BOOTSTRAP` environment variable value if set
+
+For example:
+
+```console
+./rotate-encryption-keys.sh --release-name example --namespace galasa-dev
+```
+
+The `rotate-encryption-keys.sh` script will automatically update the current encryption key with a new one, and then restart your Galasa Ecosystem's API and engine controller pods so that they can pick up the new encryption key. After rotating the encryption keys, the script will re-encrypt the existing secrets in your Galasa Ecosystem using the newly activated encryption key.
+
+Once the encryption keys have been rotated and the existing secrets have been re-encrypted, the script will clear the fallback decryption keys list and restart the API and engine controller pods for a final time to keep the Galasa services in sync with the contents of the encryption keys secret.
 
 ### Troubleshooting
 
diff --git a/src/markdown-pages/docs/ecosystem/ecosystem-manage-cps-yaml.md b/src/markdown-pages/docs/ecosystem/ecosystem-manage-cps-yaml.md
deleted file mode 100644
index cdafee9d..00000000
--- a/src/markdown-pages/docs/ecosystem/ecosystem-manage-cps-yaml.md
+++ /dev/null
@@ -1,115 +0,0 @@
----
-path: "/docs/ecosystem/cps-yaml"
-title: "Configuring an Ecosystem using resource files"
----
-
-You might want to create or update a number of different Galasa properties and associated values at the same time, for example to configure a different Galasa Ecosystem. A good way to do this is by using a yaml file containing property resources and associated values to set the configuration of your Ecosystem. 
-
-The topic [Managing integrated test runs](../ecosystem/ecosystem-manage-cps) describes how to use the `galasactl properties get` command with the `--format yaml` flag specified to extract a yaml file which describes Galasa properties and property values. 
-
-If more than one property is returned, each property is separated in the file by three dashes, `---`, as shown in the following example: 
-
-```
-apiVersion: galasa-dev/v1alpha1
-kind: GalasaProperty
-metadata:
-  name: engine.LOCAL.hostname
-  namespace: docker
-data:
-  value: 127.0.0.1
----
-apiVersion: galasa-dev/v1alpha1
-kind: GalasaProperty
-metadata:
-  name: engine.REMOTE.hostname
-  namespace: docker
-data:
-  value: 103.67.89.6
-```
-
-You can update the values in this yaml file and then create, update, or apply those updates by using the galasactl command line tool, as described in the following section. 
-
-
-Alternatively, if you want to create a new yaml file, you can do so but you must use the following example format:
-
-
-```
-apiVersion: galasa-dev/v1alpha1
-kind: GalasaProperty
-metadata:
-  name: my.property1
-  namespace: myNamespace1
-data:
-  value: myValue1
----
-apiVersion: galasa-dev/v1alpha1
-kind: GalasaProperty
-metadata:
-  name: my.property2
-  namespace: myNamespace2
-data:
-  value: myValue2
-```
-
-where:
-- `apiVersion` is the version of the API that you are using
-- `kind` is the type of resource you want to create or update. The current available value is `GalasaProperty`
-- `name` is the name of the property that you want to create or update
-- `namespace` is the namespace in which the property is contained in the configuration properties store (cps.properties). 
-- `value` is the value that you want to assign to the specified property in the specified namespace
-
-
-You can define multiple properties and values in the same yaml file by separating them using three dashes, `---`, as shown in the example.
-
-You can save the file with a `.yaml` or `.yml` file extension.
-
-
-
-### Creating and updating properties using a yaml resource file
-
-You can use the galasactl command line tool to sumbit a yaml file to create new properties, or to update existing ones.
-
-Use the following command to create a new property or properties in a specified namespace by using a yaml file called `myFile.yaml`:
-
-```
-galasactl resources create -f myFile.yaml
-```
-
-Use the following command to update an existing property or properties by using a yaml file called `myFile.yaml`:
-
-```
-galasactl resources update -f myFile.yaml
-```
-
-Use the following command to create a new property if the property does not exist and update an existing property if the property does exist by using a yaml file called `myFile.yaml`:
-
-```
-galasactl resources apply -f myFile.yaml
-```
-
-An error message is returned if the action is not able to complete successfully. For example, if a property could not be created in a particular namespace because the property already exists in that namespace.
- 
-
-### Deleting properties using a yaml resource file
-
-When maintaining an Ecosystem, you might have a yaml file containing Galasa property resource definitions and want to delete a corresponding set of properties stored on the server in an Ecosystem. You can do this by using the following command: 
-
-```
-galasactl resources delete -f {filename}
-```
-
-where:
-
-`{filename}` is the name of the yaml file that contains the list of properties that you want to delete.
-
-For example, you might have a list of resources that you want to delete in a file called `resources_to_delete.yaml`. You can delete those resources by running the following command:
-
-```
-galasactl resources delete -f resources_to_delete.yaml
-```
-
-
-For a complete list of supported parameters see the <a href="https://github.com/galasa-dev/cli/blob/main/docs/generated/galasactl_resources.md" target="_blank"> galasactl resources</a> documentation in the Galasa cli repository.
-
-
-
diff --git a/src/markdown-pages/docs/ecosystem/ecosystem-manage-creds.md b/src/markdown-pages/docs/ecosystem/ecosystem-manage-creds.md
new file mode 100644
index 00000000..a86b4cc2
--- /dev/null
+++ b/src/markdown-pages/docs/ecosystem/ecosystem-manage-creds.md
@@ -0,0 +1,156 @@
+---
+path: "/docs/ecosystem/ecosystem-manage-creds"
+title: "Managing credentials in an Ecosystem"
+---
+
+[Setting secrets](#setting-secrets)<br>
+[Getting secrets](#getting-secrets)<br>
+[Deleting secrets](#deleting-secrets)<br>
+
+It is likely that a test will need to pass credentials to the application being tested. For example, as HTTP credentials or as username and password values entered onto a 3270 screen. In a Galasa Ecosystem the credentials store (CREDS), which is hosted in the etcd server, securely provides the credentials (for example, password, username, and personal access token) that are required for a test to run in automation.  
+
+You can set a Username, UsernamePassword, Token, or UsernameToken secret in the CREDS by using the Galasa CLI tool's `secrets` commands. The ability to set these properties means that you can supply test cases with the credentials and tokens that they need to run.
+
+The following examples show how you can update the CREDS, and will refer to credentials as secrets. The example commands that are provided in the following sections assume that the `GALASA_BOOTSTRAP` environment variable is set, so the `--bootstrap` flag is not required in the command.
+
+## <a name="setting-secrets"></a>Creating and updating secrets
+
+The `galasactl secrets set` command can be used to create or update secrets in the CREDS. The command's `--username`, `--password`, and `--token` flags can be used in different combinations to create different types of secret.
+
+Optionally, a description can be provided when setting secrets using the `--description` flag to provide useful information as to what the secrets are used for.
+
+For example, a UsernamePassword secret can be created by supplying `--username` and `--password`:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-username" --password "my-password" --description "an example secret"
+```
+
+A UsernameToken secret can be created by supplying `--username` and `--token`:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-username" --token "my-token"
+```
+
+A Token secret can be created by supplying `--token` on its own:
+```
+galasactl secrets set --name SYSTEM1 --token "my-token"
+```
+
+A Username secret can be created by supplying `--username` on its own:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-username"
+```
+
+Base64-encoded values can be supplied using the `--base64-username`, `--base64-password`, and `--base64-token` flags. These base64 flags can be used with the non-encoded flags described above to supply values in different encoding schemes. However, you cannot provide the same value in multiple encoding schemes (e.g. using `--base64-username` and `--username` in the same command).
+
+For example, to create a UsernamePassword secret where both the username and password are base64-encoded:
+
+```
+galasactl secrets set --name SYSTEM1 --base64-username "my-base64-username" --base64-password "my-base64-password"
+```
+
+To create a UsernameToken secret where only the token is base64-encoded:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-base64-username" --base64-token "my-base64-token"
+```
+
+Once a secret has been created, you can change the type of the secret by supplying your desired secret type using the `--type` flag. When supplying the `--type` flag, all values for the new secret type must be provided. To find out what secret types are supported, run `galasactl secrets set --help`.
+
+For example, to create a UsernamePassword secret and then change it to a Token secret:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-username" --password "my-password"
+galasactl secrets set --name SYSTEM1 --token "my-token" --type Token
+```
+
+Updated credentials are now available for a test to run in automation on a Galasa Ecosystem.
+
+For a complete list of supported parameters see the <a href="https://github.com/galasa-dev/cli/blob/main/docs/generated/galasactl_secrets_set.md" target="_blank" rel="noopener noreferrer">galasactl secrets set</a> documentation in the CLI repository.
+
+## <a name="getting-secrets"></a>Getting secrets
+
+You can use the `galasactl secrets get` command to get secrets stored in the CREDS to verify that the secrets exist and are populated correctly. You can also filter results to retrieve a specific secret by providing its name in `galasactl secrets get` commands.
+
+The following table shows the available output formats that can be provided as part of the `galasactl secrets get` command:
+
+| Name |  Description  |
+| :---- | :-------- | 
+| `--format summary` | The default format is _summary_. Summary format is useful if you need a quick, high-level overview. If you omit the `--format` flag in the command, results are returned in summary format. You can set the summary format explicitly by setting the `--format summary` flag in the `galasactl secrets get` command.   | 
+| `--format yaml` |  The results from `galasactl secrets get` are returned as GalasaSecret resources in YAML format. This YAML content can then be used in `galasactl resources` commands to create, update, and delete secrets using a YAML file. See [Configuring an Ecosystem using resource files](../ecosystem/resources-yaml) for more details.|
+
+For example, you can use the following command to retrieve all secrets in `yaml` format:
+
+```
+galasactl secrets get --format yaml
+```
+
+For a complete list of supported parameters see the <a href="https://github.com/galasa-dev/cli/blob/main/docs/generated/galasactl_secrets_get.md" target="_blank" rel="noopener noreferrer">galasactl secrets get</a> documentation in the CLI repository.
+
+### Getting all secrets
+
+To retrieve all secrets stored in a Galasa Ecosystem, run the following command:
+```
+galasactl secrets get
+```
+
+This will display the retrieved secrets in a summary format:
+
+```
+name    type             last-updated(UTC)   last-updated-by description
+SIMBANK UsernamePassword 2024-11-01 10:43:06 galasa-user     credentials for simbank
+SYSTEM2 Token            2024-11-01 10:43:41 galasa-user2    example access token
+SYSTEM1 Username         2024-11-01 10:42:46 galasa-user3    example secret
+
+Total:3
+```
+
+### Get a secret by name
+
+To retrieve a secret with a specific name, use the following example command:
+
+```
+galasactl secrets get --name {mysecret}
+```
+
+where `{mysecret}` is the name of the secret that you want to get.
+
+For example, to view a secret named `SYSTEM1`, run the following command:
+
+```
+galasactl secrets get --name SYSTEM1
+```
+
+The following example shows the returned secret:
+
+```
+name    type             description       last-updated(UTC)   last-updated-by
+SYSTEM1 UsernamePassword an example secret 2024-10-30 16:23:49 galasa-user
+
+Total:1
+```
+
+## <a name="deleting-secrets"></a>Deleting secrets
+
+When a secret is no longer used or required by tests, it can be deleted from the Galasa Ecosystem using the `galasactl secrets delete` command, supplying the name of the secret as part of the command.
+
+To delete a specific secret, use the following command:
+
+```
+galasactl secrets delete --name {mysecret}
+```
+
+where:
+`{mysecret}` is the name of the secret that you want to delete.
+
+
+For example, to delete a secret called `SIMBANK`, run the following command:
+
+```
+galasactl secrets delete --name SIMBANK
+```
+
+If the secret does not exist, an error will be displayed to indicate that the secret could not be found.
+
+For a complete list of supported parameters see the <a href="https://github.com/galasa-dev/cli/blob/main/docs/generated/galasactl_secrets_delete.md" target="_blank" rel="noopener noreferrer">galasactl secrets delete</a> documentation in the CLI repository.
diff --git a/src/markdown-pages/docs/ecosystem/ecosystem-manage-resources.md b/src/markdown-pages/docs/ecosystem/ecosystem-manage-resources.md
new file mode 100644
index 00000000..43cf2f2e
--- /dev/null
+++ b/src/markdown-pages/docs/ecosystem/ecosystem-manage-resources.md
@@ -0,0 +1,206 @@
+---
+path: "/docs/ecosystem/resources-yaml"
+title: "Configuring an Ecosystem using resource files"
+---
+
+You might want to create or update a number of different Galasa properties and associated values at the same time, for example to configure a different Galasa Ecosystem. A good way to do this is by using a YAML file containing Galasa resources and their associated values to set the configuration of your Ecosystem, as described in the [Creating and updating resources using a YAML resource file](#setting-resources) section.
+
+## Configuration Properties as GalasaProperty resources
+
+The topic [Managing integrated test runs](../ecosystem/ecosystem-manage-cps) describes how to use the `galasactl properties get` command with the `--format yaml` flag specified to extract a YAML file which describes Galasa properties and property values. 
+
+If more than one property is returned, each property is separated in the file by three dashes, `---`, as shown in the following example: 
+
+```yaml
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaProperty
+metadata:
+  name: engine.LOCAL.hostname
+  namespace: docker
+data:
+  value: 127.0.0.1
+---
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaProperty
+metadata:
+  name: engine.REMOTE.hostname
+  namespace: docker
+data:
+  value: 103.67.89.6
+```
+
+
+Alternatively, if you want to create a new YAML file, you can do so but you must use the following example format:
+
+
+```yaml
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaProperty
+metadata:
+  name: my.property1
+  namespace: myNamespace1
+data:
+  value: myValue1
+---
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaProperty
+metadata:
+  name: my.property2
+  namespace: myNamespace2
+data:
+  value: myValue2
+```
+
+where:
+- `apiVersion` is the version of the API that you are using
+- `name` is the name of the property that you want to create or update
+- `namespace` is the namespace in which the property is contained in the configuration properties store (cps.properties). 
+- `value` is the value that you want to assign to the specified property in the specified namespace
+
+
+You can define multiple properties and values in the same YAML file by separating them using three dashes, `---`, as shown in the example.
+
+You can save the file with a `.yaml` or `.yml` file extension.
+
+
+## Credentials as GalasaSecret resources
+
+The topic [Managing credentials in an Ecosystem](../ecosystem/ecosystem-manage-creds) describes how to use the `galasactl secrets get` command with the `--format yaml` flag specified to extract a YAML file which describes Galasa secrets.
+
+If more than one secret is returned, each secret is separated in the file by three dashes, `---`, as shown in the following example: 
+
+```yaml
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaSecret
+metadata:
+  name: SYSTEM1
+  type: UsernamePassword
+  encoding: base64
+  description: an example username and password secret
+  lastUpdatedTime:
+  lastUpdatedBy: myuser
+data:
+  username: <base64-encoded-username>
+  password: <base64-encoded-password>
+---
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaSecret
+metadata:
+  name: SYSTEM2
+  type: Token
+  encoding: base64
+  description: an example token secret
+  lastUpdatedTime:
+  lastUpdatedBy: anotheruser
+data:
+  token: <base64-encoded-token>
+```
+
+You can update the values in this YAML file and then create, update, or apply those updates by using the galasactl command line tool, as described in the following section. 
+
+
+Alternatively, if you want to create a new YAML file, you can do so using the following example format:
+
+
+```yaml
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaSecret
+metadata:
+  name: SYSTEM1
+  type: UsernameToken
+  description: an example username and token secret
+data:
+  username: <username>
+  token: <token>
+---
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaSecret
+metadata:
+  name: SYSTEM2
+  type: Username
+  encoding: base64
+  description: an example username secret
+data:
+  username: <base64-encoded-username>
+```
+
+where:
+- `apiVersion` is the version of the API that you are using
+- `name` is the name of the secret that you want to create or update
+- `type` is the type of secret that you want to create or update. Supported values are: `Username`, `UsernamePassword`, `UsernameToken`, and `Token`
+- `encoding` is an optional encoding scheme applied to all fields in the `data` section. The currently available value for this is `base64`. If this is not provided, then the fields in the `data` section are assumed to be provided without any encoding applied
+- `description` is an optional field that allows you to supply a description associated with the secret being created or updated
+- `username` is the username value to be set for a secret, and is provided when the `type` is `Username`, `UsernamePassword`, or `UsernameToken`
+- `password` is the password value to be set for a secret, and is provided when the `type` is `UsernamePassword`
+- `token` is the token value to be set for a secret, and is provided when the `type` is `Token` or `UsernameToken`
+
+
+You can define multiple secrets in the same YAML file by separating them using three dashes, `---`, as shown in the example.
+
+You can save the file with a `.yaml` or `.yml` file extension.
+
+
+## <a name="setting-resources"></a>Creating and updating resources using a YAML file
+
+You can use the galasactl command line tool to submit a YAML file to create new Galasa resources, including properties and credentials, or to update existing ones. The YAML files can contain different types of Galasa resources, where each resource is separated by three dashes `---`. For example, a GalasaProperty resource and a GalasaSecret resource can both be created using the following format:
+
+```yaml
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaSecret
+metadata:
+  name: SYSTEM1
+  type: Token
+  description: an example token secret
+data:
+  token: myToken
+---
+apiVersion: galasa-dev/v1alpha1
+kind: GalasaProperty
+metadata:
+  name: my.property1
+  namespace: myNamespace1
+data:
+  value: myValue1
+```
+
+Use the following command to create Galasa resources by using a YAML file called `myFile.yaml`:
+
+```
+galasactl resources create -f myFile.yaml
+```
+
+Use the following command to update Galasa resources by using a YAML file called `myFile.yaml`:
+
+```
+galasactl resources update -f myFile.yaml
+```
+
+Use the following command to create a new Galasa resource if the resource does not exist or update an existing resource by using a YAML file called `myFile.yaml`:
+
+```
+galasactl resources apply -f myFile.yaml
+```
+
+An error message is returned if the action is not able to complete successfully. For example, if a property could not be created in a particular namespace because the property already exists in that namespace.
+ 
+
+## Deleting resources using a YAML file
+
+When maintaining an Ecosystem, you might have a YAML file containing Galasa property resource definitions and want to delete a corresponding set of Galasa resources stored on the server in an Ecosystem. You can do this by using the following command: 
+
+```
+galasactl resources delete -f {filename}
+```
+
+where:
+
+`{filename}` is the name of the YAML file that contains the list of Galasa resources that you want to delete.
+
+For example, you might have a list of resources that you want to delete in a file called `resources_to_delete.yaml`. You can delete those resources by running the following command:
+
+```
+galasactl resources delete -f resources_to_delete.yaml
+```
+
+
+For a complete list of supported parameters see the <a href="https://github.com/galasa-dev/cli/blob/main/docs/generated/galasactl_resources.md" target="_blank"> galasactl resources</a> documentation in the Galasa CLI repository.
diff --git a/src/markdown-pages/docs/ecosystem/ecosystem-update-creds.md b/src/markdown-pages/docs/ecosystem/ecosystem-update-creds.md
deleted file mode 100644
index a185ca4d..00000000
--- a/src/markdown-pages/docs/ecosystem/ecosystem-update-creds.md
+++ /dev/null
@@ -1,151 +0,0 @@
----
-path: "/docs/ecosystem/ecosystem-update-creds"
-title: "Updating credentials in an Ecosystem"
----
-
-It is likely that a test will need to pass credentials to the application being tested. For example, as HTTP credentials or as username and password values entered onto a 3270 screen. In a Galasa Ecosystem the credentials store (CREDS), which is hosted in the etcd server, securely provides the credentials (for example, password, username, and personal access token) that are required for a test to run in automation.  
-
-You can set a username, password, or token in the CREDS by using a Visual Studio Code (VS Code) Kubernetes extension or by using the command line. The ability to set these properties means that you can supply test cases with the credentials and tokens that they need to run. To set these credentials you must have permission to access the CREDS pod on a Galasa Ecosystem. You can then use the etcdctl tool to manipulate the etcd server values in a [namespace](../ecosystem/ecosystem-manage-cps). 
-
-The following examples show how you can update the CREDS. In these examples, the CREDS pod is called `creds` and the namespace is `galasa-ecosystem`.
-
-
-## Logging into the CREDS pod by using the VSCode Kubernetes extension
-
-Complete the following steps to log into the CREDS pod using the VS Code Kubernetes extension.
-
-1. In the VSCode Kubernetes extension, confirm that the tool is pointing at the Kubernetes cluster that hosts your Galasa Ecosystem. If it is not, you can select the cluster by navigating to `Clusters`, right-clicking the cluster you need, and selecting `Set as Current Cluster`.
-2. Set your namespace to `galasa-ecosystem` by navigating to `Namespaces`, right-clicking the namespace and selecting `Use Namespace`.
-3. Go to your Pods by navigating to `Workloads`>`Pods`.
-4. Exec on to the `creds` pod by right-clicking the pod and selecting `Terminal`, or by selecting the `Terminal` icon. A shell of the `creds` pod opens in VSCode.
-
-
-## Logging into the CREDS pod by using the command line
-
-1. Open a terminal and on the command line, exec into your `creds` pod:
-```
-kubectl exec -it creds -n galasa-ecosystem -- /bin/sh
-```
-
-
-## Configuring credentials in the CREDS pod
-
-Once you are shelled into your `creds` pod you can configure credentials by using the `etcdctl` command line tool to interact with the etcd server.
-
-First, set the `etcd` version by running the following command: 
-```
-export ETCDCTL_API=3
-```
-
-You can then use the following `etcdctl` commands in your CREDS pod to help you to configure your credentials.
-
-
-### Retrieve all credentials 
-
-To retrieve all credentials, run the following command:
-```
-etcdctl get --prefix ""
-```
-
-### Retrieve all credentials with a specified prefix
-
-To retrieve all credentials with a specified prefix, use the following example command:
-```
-etcdctl get --prefix "{myprefix}"
-```
-where `{myprefix}` is the value that you want the returned credentials to start with.
-
-For example, to view all credentials that start with `secure.credentials.SIMBANK`, run the following command:
-```
-etcdctl get --prefix "secure.credentials.SIMBANK"
-```
-The following example shows the returned credentials:
-```
-/ # etcdctl get --prefix "secure.credentials.SIMBANK"
-secure.credentials.SIMBANK.password
-SYS1
-secure.credentials.SIMBANK.username
-IBMUSER
-```
-
-### Retrieve a specific credential
-
-To retrieve a specific credential, use the following example command: 
-```
-etcdctl get {key}
-```
-where `{key}` is the name of the credential that you want returned 
-
-For example, to retrieve the credential `secure.credentials.SIMBANK.username`, run the following command:
-
-```
-etcdctl get --prefix "secure.credentials.SIMBANK.username"
-```
-
-The following example shows the returned credential:
-
-```
-/ # etcdctl get secure.credentials.SIMBANK.username
-secure.credentials.SIMBANK.username
-IBMUSER
-```
-
-### Create or update a credential
-
-To retrieve a specific credential, use the following example command: 
-
-```
-etcdctl put {key} {value}
-```
-
-where:<br>
-`{key}` is the name of the credential that you want to update and<br>
-`{value}` is the value that you want to give to that credential
-
-For example, to update the credential `secure.credentials.SIMBANK.username` with a value of `NEWUSER`, run the following command:
-
-```
-etcdctl put secure.credentials.SIMBANK.username NEWUSER
-```
-
-The following example shows a successful response:
-```
-/ # etcdctl put secure.credentials.SIMBANK.username NEWUSER
-OK
-```
-
-
-### Delete a credential
-
-To delete a specific credential, use the following example command: 
-
-```
-etcdctl del {key}
-```
-
-where:
-`{key}` is the name of the credential that you want to delete
-
-
-For example, to delete the credential `secure.credentials.SIMBANK.username`, run the following command:
-
-```
-etcdctl del secure.credentials.SIMBANK.username
-```
-
-The following example shows a successful response:
-```
-/ # etcdctl del secure.credentials.SIMBANK.username
-1
-```
-
-If the credential does not exist, a value of `0` rather than `1` is returned in the response.
-
-### Exit the shell
-
-To exit the shell, simply run:
-```
-exit
-```
-
-Updated credentials are now available for a test to run in automation on a Galasa Ecosystem.
\ No newline at end of file