Credential Management

This section explains how to register and manage credentials required for connecting ReleaseOwl with Integration suite, SAP Cloud Identity Services and SAP Passport.

Step-by-Step Guide: Registering Credentials in ReleaseOwl

A Process Integration Runtime (PIR) instance is required in SAP BTP for ReleaseOwl to securely manage and deploy CPI artifacts across environments. The setup involves creating PIR instances with two different plans — api and IFLOW — followed by credential registration in ReleaseOwl.

A. Create a PIR Instance with Plan: api

This instance enables programmatic access via API for integration tasks.

Steps:

1. Log in to your SAP BTP Cockpit.

2. Navigate to your Global Account > Subaccount.

3. Go to Instances and Subscriptions from the left menu.

1. Click on Create.

2. In the "New Instance or Subscription" wizard:

• Service: SAP Process Integration Runtime

• Plan: api

• Runtime Environment: Cloud Foundry

• Space: Select your development space (e.g., dev)

• Instance Name: Choose a name like CPI_API_Instance

1. Click Next, then Create.

Note: The api plan provides programmatic access to the SAP Process Integration Runtime, allowing you to connect via APIs for integration tasks.

Assign Required Roles

In the Parameters step, assign the following roles to allow artifact management:

Role	Description
MessagePayloadsRead	Read message payloads in the integration runtime.
MonitoringDataRead	View monitoring data for integration flows.
TraceConfigurationEdit	Edit tracing configurations.
TraceConfigurationRead	View current tracing configuration.
WorkspaceArtifactsDeploy	Deploy artifacts from workspace to runtime.
WorkspacePackagesConfigure	Configure packages, parameters, and dependencies.
WorkspacePackagesRead	Read-only access to integration packages.
WorkspacePackagesEdit	Modify and configure integration packages.

Create Service Key (for api plan)

After instance creation:

1. Go to Instances and Subscriptions.

2. Expand your newly created api instance.

3. Click Create Service Key.

4. Enter a name (e.g., cpi-api-key) and leave parameters blank.

5. Click Create.

1. Click View Credentials to retrieve:

• Client ID

• Client Secret

• Token URL

B. Create a PIR Instance with Plan: IFLOW

This is used for managing and deploying integration artifacts (iFlows).

✅ Steps:

1. Go to your SAP BTP Cockpit.

2. Select your subaccount that hosts SAP CPI.

3. Go to Services > Service Marketplace.

4. Select SAP Process Integration Runtime → Click Create.

5. Fill in the following:

   • Service: SAP Process Integration Runtime

   • Plan: IFLOW

   • Runtime Environment: Cloud Foundry

   • Space: Provide the appropriate space (e.g., dev)

   • Instance Name: (e.g., CPI_IFLOW_Instance)

1. Click Next and then Create.

Create Service Key (for IFLOW plan)

1. Navigate to Instances and Subscriptions.

2. Locate the IFLOW instance.

3. Click Actions > Create Service Key.

4. Enter a name for the key (e.g., cpi-iflow-key) → Click Create.

1. Click on the service key name to view the key details.

2. You will need these values when setting up ReleaseOwl credentials.

Step 2: Register Credentials in ReleaseOwl

Credential registration enables secure communication between ReleaseOwl and SAP CPI environments.

A. Register SAP CPI Credential (API Access)

✅ Steps:

1. Log in to the ReleaseOwl Platform.

2. Go to Administration > Credential Manager.

1. Click Register Credential.

2. Fill in the details:

   • Credential Name: Any identifiable name for the credential.

   • Authentication Type: Select OAuth2

   • Client ID: Provide the details from the above created API service key.

   • Client Secret: Provide the details from the above created API service key.

   • Token URL: Provide the details from the above created API service key.

3. Click Save.

The credential will now appear in your list and can be used in pipelines and deployments.

B. Register SAP CPI Credential (IFLOW Access)

This step allows ReleaseOwl to securely interact with CPI for artifact deployment and management via the IFLOW plan.

✅ Steps:

1. Navigate to Credential Manager from the Administration menu in the ReleaseOwl Platform.

2. Click Register Credential.

3. Set the Credential Type to SAP Cloud Environment.

4. Fill in the following details:

   • Credential Name: Enter a meaningful name (e.g., CPI IFLOW Credential)

   • Authentication Type: Select OAuth2

   • Client ID: Provide the details from the above created IFLOW service key.

   • Client Secret: Provide the details from the above created IFLOW service key.

   • Token URL: Provide the details from the above created IFLOW service key.

5. Click Save.

6. The new credential will now appear in the List of Credentials and can be used in Release Pipelines for IFLOW deployments.

Registering SAP Cloud Identity Services Credentials

This section explains how to create and configure Cloud Identity Services (IAS/IPS) in SAP BTP and register them in ReleaseOwl. This setup is essential because ReleaseOwl uses Cloud Identity Services for secure web-based authentication, ensuring that users access deployments and environments through trusted identity providers.

Create Cloud Identity Service Instance

1. Navigate to Instances & Subscriptions in your SAP BTP subaccount.

2. Click on the Create button.

3. In the Service field, select Cloud Identity Services.

4. In the Plan field, choose Default under Subscriptions, then click Next.

5. Click Create to provision the instance.

Activate Administrator Account

1. An activation email will be sent to the registered email address.

2. Open the email and click Activate Account.

3. Set your password and click on Continue.

Credential Registration with ReleaseOwl

1. Log in to ReleaseOwl.

2. Go to Administration → Credential Manager.

3. Click on Register Credential.

1. Enter the following information:

   • Credential Type: SAP Cloud Identity

   • User Name: Cloud Identity Service Username

   • Password: Cloud Identity Service Password

2. Click Save to complete the credential registration.

SAP Passport: Application and Configuration

This section explains how to apply for and configure SAP Passport, and how to register it in ReleaseOwl. This setup is essential because SAP Passport provides secure certificate-based authentication, allowing ReleaseOwl to verify your identity.

1. Go to SAP for Me.

2. Navigate to the SAP Passport page (reference link: SAP Passport).

3. Enter your S-User password when prompted.

4. Click on the Apply for SAP Passport.

1. Give your SAP Passport Password in that box, then click on Apply button your SAP Passport will created.

1. After successful creation, click Download the SAP Passport.

2. The passport will be downloaded in .pfx format to your system.

Integrate SAP Passport With ReleaseOwl

1. Go to Credential Manager in ReleaseOwl.

2. Click Register Credential.

1. Fill in the following details:

• Credential Type: SAP Passport

• Password: Enter the SAP Passport Password you provided during the apply process

• Certificate: Upload your downloaded SAP Passport (.pfx)

Note: You must keep using the PFX if the server requires client certificate authentication.

1. Save the credential.