# Set Up Your Vault ### Objective Now that you’ve gathered your source and destination credentials, you need to make them available to Warp so that it can perform migrations. You also need to ensure that these credentials are secured so that only Warp can use them. You’ll do this by setting up a *Vault* — an encrypted file containing the credentials. To decrypt these credentials, you’ll provide Warp with the *Vault key*, the decryption key for the Vault file. In this section, you will: * Set up your Project's Vault by creating the Vault file * Push the Vault file to *Migration HQ*, and * Installing the Vault key as a secret in *Migration HQ*. You’ll do all this by using the Warp Vault desktop app and GitHub.com, and confirm it was done by looking at the updates to *Migration HQ*. **At the end of this section, you will have a Vault file uploaded to *****Migration HQ*****, which will provide Warp with the credentials necessary for performing your migrations.** {% hint style="info" %} Search for the 🛠️ emoji if you’d like to skim through this content while focusing on the steps you need to follow. {% endhint %} ### Before You Begin If you haven't already, you'll need to [install Warp Vault](/using-warp/warp-vault/download-warp-vault.md) on your local machine before proceeding with the following steps. {% hint style="info" %} Looking for a quick tour of Warp Vault's features and interface? Check out [this demo](https://packfiles.navattic.com/ybw09zv). {% endhint %} ### Create Your Vault 🛠️ To kick things off, you'll need to create a Vault for your Migration Project. Open the Warp Vault application on your machine, expand the **Add Menu**, and choose "Create Vault". {% embed url="" %} Creating a New Vault {% endembed %} 🛠️ In the window that appears, click on the button to **Select a Directory**. You'll need to choose the **config** folder inside of the local clone of your **Migration HQ repository**. {% hint style="warning" %} It's important to get this right. If you don't choose the **config** folder in your local **Migration HQ** clone, Warp won't be able to access your credentials in later steps. {% endhint %} {% embed url="" %} Selecting a Vault's Location on Disk {% endembed %} 🛠️ After choosing the directory to save your Vault, you can choose an **Icon**, give your Vault a **Name**, and a **Description**. These fields are local to your machine, and help you identify your Vault in the list (if you have multiple). {% embed url="" %} Filling in a Vault's Name and Description {% endembed %} 🛠️ Finally, after clicking **Create**, you'll be presented with your Vault's Master Key. Store this key in a secure location, such as your password manager. You'll need it to complete setup and make changes to your Vault's credentials in the future. {% hint style="warning" %} Securely store your Master Key in a password manager. **If you lose track of it, the contents of your Vault will be lost**, and you won't be able to proceed with the rest of the setup process. {% endhint %} {% embed url="" %} Unlocking a Vault with its Master Key {% endembed %} ### Add Credentials to Your Vault Your Vault has been created— congratulations! The next step is to **add credentials** to it. In order to migrate your repositories, you must provide Warp with two key sets of credentials: 1. Credentials authorizing access to the repositories at the source. 2. Credentials authorizing the creation of new repositories at the destination organization in GitHub. 🛠️ First, let’s get the credentials for the source — that is, the system that you’re migrating repositories *from*. {% hint style="success" %} For a list of credential types supported by Warp Vault and how to configure them, refer to the [Supported Credential Providers](/using-warp/warp-vault/supported-credential-providers.md) page in this document. {% endhint %} 🛠️ You'll also need the credentials for your destination — that is, the system that you’re migrating repositories *to*. You'll need to configure a separate GitHub Personal Access Token to allow Warp to migrate repositories and data into your destination environment. For configuration instructions, refer to the [GitHub (Destination)](/using-warp/warp-vault/supported-credential-providers/get-your-github-credentials.md) credential documentation. Once your credentials have been collected, you'll be ready to add them to your Vault. 🛠️ Use the **Add Button** in Warp Vault to add each type of credential you need for your Migration Project. Selecting a credential type will add a new entry to your Vault, opening a form where you can edit its details and configuration. {% embed url="" %} Adding Credentials to Warp Vault {% endembed %} ### Test Your Credentials Now that you've added credentials to your Vault, the next step is to **test** them. This process ensures your credentials are ready to use with Warp, and that you'll be able to perform migrations successfully. Luckily, Warp Vault has an integrated credential testing feature that makes this process a breeze. An example of how to use this feature is shown in the video snippet below, and you can walk through the process in detail through the [Warp Vault demo](https://packfiles.navattic.com/ybw09zv). 🛠️ Use the **Credential Testing** feature of Warp Vault to test the credentials you've configured. When each credential you've configured has a **Green Check**, you can save your changes and proceed. {% embed url="" %} Testing Credentials in Warp Vault {% endembed %} ### Commit and Push Your Vault File Next, you'll need to commit and push your encrypted Vault to your Migration HQ repository. 🛠️ Open your local clone of Migration HQ in your favorite Git client. Then add, commit, and push the file to your Migration HQ. {% hint style="success" %} #### Is this secure? **Yes.** Warp's model for securely storing your secrets as an encrypted file in your Migration HQ repository follows [GitHub's published best practice guidelines](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#storing-large-secrets) for managing large secrets on the platform. {% endhint %} {% embed url="" %} Committing and Pushing a Vault to Migration HQ from VS Code {% endembed %} ### Confirm That the Vault Was Pushed to Migration HQ Just to be certain, let’s take a look at *Migration HQ* to make sure that the Vault was actually pushed there. 🛠️ Open *Migration HQ* in a browser tab or panel and select the *Code* tab:
The "Migration HQ" page in GitHub.

Migration HQ.

🛠️ Look at the files in the directory and look at the `config` directory’s last commit message: “Update Vault.” Also, take note that its commit time is more recent than any of the other items in the repository. 🛠️ Open the `config` directory:
Migration HQ's "config" directory. The key item is the "vault.age" file.

Migration HQ’s config directory.

🛠️ Look at the Vault file — once again, it’s `vault.age`. Its last commit message and last commit date confirm that it was pushed to *Migration HQ* at the end of the Vault creation process. ### Store the Vault Key in Migration HQ’s Secrets The next step is to store the key for the Vault in the *Migration HQ* repository. This will allow Warp’s GitHub Actions to access the personal access tokens you encrypted into the Vault, which in turn will allow them to migrate your repositories from Azure DevOps to GitHub. You can do this manually by copying the Vault key and pasting it into the *Migration HQ* repository’s [*Secrets*](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions) settings. {% embed url="" %} Adding Your Master Key as a Migration-HQ Repository Secret {% endembed %} ### Confirm that that Vault and Key are in Migration HQ You should confirm that your Vault key was successfully stored in *Migration HQ* by checking the repository’s *Secrets* section in GitHub. 🛠️ Open a browser tab or window to the *Migration HQ* repository in GitHub and click the **Settings** tab.
"Migration HQ’s" "Settings" page. The key item is the "Secrets and variables" item in the left side menu.

Migration HQ’s Settings page.

🛠️ In the menu on the left side of the page, select **Secrets and variables** to expand it, then select **Actions**:
The "Secrets and variables" menu. The key item is the "Actions" menu item.

The Secrets and variables menu.

You will be taken to the *Actions secrets and variables* page for *Migration HQ* :
"Migration HQ’s" repository secrets. It contains one secret, whose name is "PKFS_MASTER_KEY".

Migration HQ’s repository secrets.

🛠️ Check the *Repository secrets* section and confirm that it contains a secret named `PKFS_MASTER_KEY`. If you see the `PKFS_MASTER_KEY` secret, you have successfully stored the Vault key in *Migration HQ*. If not, you should run the `gh warp vault place` command again. {% hint style="success" %} With the Vault file and secret install in *Migration HQ*, Warp now has the credentials to access your source repositories and destination GitHub organization.\ \ You’re ready to [scan your source for repositories](/guides/quickstart/scan-your-sources-for-repositories.md). {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://kb.packfiles.io/guides/quickstart/set-up-your-vault.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.