© 2025 Packfiles Inc

Set Up Your Vault

How to create your Vault, a secure place to store the credentials for your migration.


Last updated 1 month ago


Objective

Now that you’ve gathered your source and destination credentials, you need to make them available to Warp so that it can perform migrations.

You also need to ensure that these credentials are secured so that only Warp can use them. You’ll do this by setting up a Vault — an encrypted file containing the credentials. To decrypt these credentials, you’ll provide Warp with the Vault key, the decryption key for the Vault file.

In this section, you will:

  • Set up your Project's Vault by creating the Vault file,

  • Push the Vault file to Migration HQ, and

  • Install the Vault key as a secret in Migration HQ.

You’ll do all this by using the Warp Vault desktop app and GitHub.com, and confirm it was done by looking at the updates to Migration HQ.

At the end of this section, you will have a Vault file uploaded to Migration HQ, which will provide Warp with the credentials necessary for performing your migrations.

Before You Begin

If you haven't already, you'll need to install Warp Vault on your local machine before proceeding with the following steps.

Create Your Vault

🛠️ To kick things off, you'll need to create a Vault for your Migration Project. Open the Warp Vault application on your machine, expand the Add Menu, and choose "Create Vault".

🛠️ In the window that appears, click on the button to Select a Directory. You'll need to choose the config folder inside of the local clone of your Migration HQ repository.

It's important to get this right. If you don't choose the config folder in your local Migration HQ clone, Warp won't be able to access your credentials in later steps.

🛠️ After choosing the directory to save your Vault, you can choose an Icon and give your Vault a Name and a Description. These fields are local to your machine, and help you identify your Vault in the list (if you have multiple).

🛠️ Finally, after clicking Create, you'll be presented with your Vault's Master Key. Store this key in a secure location, such as your password manager. You'll need it to complete setup and make changes to your Vault's credentials in the future.

Securely store your Master Key in a password manager. If you lose track of it, the contents of your Vault will be lost, and you won't be able to proceed with the rest of the setup process.

Add Credentials to Your Vault

Your Vault has been created. Congratulations! The next step is to add credentials to it.

In order to migrate your repositories, you must provide Warp with two key sets of credentials:

  1. Credentials authorizing access to the repositories at the source.

  2. Credentials authorizing the creation of new repositories at the destination organization in GitHub.

🛠️ First, let’s get the credentials for the source — that is, the system that you’re migrating repositories from.

🛠️ You'll also need the credentials for your destination — that is, the system that you’re migrating repositories to.

Once your credentials have been collected, you'll be ready to add them to your Vault.

🛠️ Use the Add Button in Warp Vault to add each type of credential you need for your Migration Project. Selecting a credential type will add a new entry to your Vault, opening a form where you can edit its details and configuration.

Test Your Credentials

Now that you've added credentials to your Vault, the next step is to test them. This process ensures your credentials are ready to use with Warp, and that you'll be able to perform migrations successfully.

🛠️ Use the Credential Testing feature of Warp Vault to test the credentials you've configured. When each credential you've configured has a Green Check, you can save your changes and proceed.

Commit and Push Your Vault File

Next, you'll need to commit and push your encrypted Vault to your Migration HQ repository.

🛠️ Open your local clone of Migration HQ in your favorite Git client. Then add, commit, and push the file to your Migration HQ.

Is this secure?

Confirm That the Vault Was Pushed to Migration HQ

Just to be certain, let’s take a look at Migration HQ to make sure that the Vault was actually pushed there.

🛠️ Open Migration HQ in a browser tab or panel and select the Code tab:

🛠️ Look at the files in the directory and look at the config directory’s last commit message: “Update Vault.”

Also, take note that its commit time is more recent than any of the other items in the repository.

🛠️ Open the config directory:

🛠️ Look at the Vault file — once again, it’s vault.age. Its last commit message and last commit date confirm that it was pushed to Migration HQ at the end of the Vault creation process.

Store the Vault Key in Migration HQ’s Secrets

The next step is to store the key for the Vault in the Migration HQ repository. This will allow Warp’s GitHub Actions to access the personal access tokens you encrypted into the Vault, which in turn will allow them to migrate your repositories from Azure DevOps to GitHub.

Confirm That the Vault and Key Are in Migration HQ

You should confirm that your Vault key was successfully stored in Migration HQ by checking the repository’s Secrets section in GitHub.

🛠️ Open a browser tab or window to the Migration HQ repository in GitHub and click the Settings tab.

🛠️ In the menu on the left side of the page, select Secrets and variables to expand it, then select Actions:

You will be taken to the Actions secrets and variables page for Migration HQ.

🛠️ Check the Repository secrets section and confirm that it contains a secret named PKFS_MASTER_KEY.

If you see the PKFS_MASTER_KEY secret, you have successfully stored the Vault key in Migration HQ. If not, you should run the gh warp vault place command again.
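
The confirmation steps above (the Vault file is encrypted, committed and pushed, and the PKFS_MASTER_KEY secret exists) can also be scripted. This is an added example, not part of Warp or the original guide; it assumes vault.age uses the standard age file header and that the git and gh CLIs are installed and authenticated, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Packfiles code). Assumptions: vault.age is a standard
# age container, and the git and gh CLIs are available for preflight().

# 0 if the file's first line is an age header (binary or ASCII-armored).
looks_like_age_file() {
    [ -f "$1" ] || return 1
    first_line=$(head -n 1 "$1" | tr -d '\000\r')
    case "$first_line" in
        'age-encryption.org/v1'|'-----BEGIN AGE ENCRYPTED FILE-----') return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the named secret appears in `gh secret list` output read from stdin.
# Only secret names are listed; secret values are never exposed.
secret_is_listed() {
    awk -v name="$1" '$1 == name { found = 1 } END { exit !found }'
}

# 0 if config/vault.age in clone $1 is tracked, committed and pushed.
vault_is_pushed() {
    git -C "$1" ls-files --error-unmatch config/vault.age >/dev/null 2>&1 || return 1
    git -C "$1" diff --quiet HEAD -- config/vault.age || return 1
    # Fails when no upstream is configured; otherwise lists unpushed commits.
    unpushed=$(git -C "$1" log --oneline '@{u}..HEAD' -- config/vault.age 2>/dev/null) || return 1
    [ -z "$unpushed" ]
}

# Run all three checks: preflight <path-to-clone> <owner/repo>
preflight() {
    looks_like_age_file "$1/config/vault.age" \
        || { echo "config/vault.age is missing or not age-encrypted"; return 1; }
    vault_is_pushed "$1" \
        || { echo "config/vault.age has uncommitted or unpushed changes"; return 1; }
    gh secret list --repo "$2" | secret_is_listed PKFS_MASTER_KEY \
        || { echo "PKFS_MASTER_KEY secret not found"; return 1; }
    echo "Vault file and key are in place"
}

# Example: sh check-vault.sh --run ~/src/migration-hq my-org/migration-hq
if [ "${1:-}" = "--run" ]; then preflight "$2" "$3"; fi
```

The header check catches the case where a plaintext credentials file was committed under the Vault's name; it does not prove the contents decrypt with your Master Key.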

For a list of credential types supported by Warp Vault and how to configure them, refer to the Supported Credential Providers page in this document.

You'll need to configure a separate GitHub Personal Access Token to allow Warp to migrate repositories and data into your destination environment. For configuration instructions, refer to the GitHub (Destination) credential documentation.

Luckily, Warp Vault has an integrated credential testing feature that makes this process a breeze. An example of how to use this feature is shown in the video snippet below, and you can walk through the process in detail through the Warp Vault demo.

Yes. Warp's model for securely storing your secrets as an encrypted file in your Migration HQ repository follows GitHub's published best practice guidelines for managing large secrets on the platform.

You can do this manually by copying the Vault key and pasting it into the Migration HQ repository’s settings.

With the Vault file and secret installed in Migration HQ, Warp now has the credentials to access your source repositories and destination GitHub organization. You’re ready to scan your source for repositories.

Search for the 🛠️ emoji if you’d like to skim through this content while focusing on the steps you need to follow.


Looking for a quick tour of Warp Vault's features and interface? Check out this demo.