Workshop Modification - WMS ID: 11514 (#322)
* wip

* Add managing-credentials-using-oci-vault content.

* Create CNAME

* Delete CNAME

* Fix typo and add ssh section.

* Minor change.

* Update copyright.

* Support user account.

* Minor change.

* Fix the QA issues.

* Addressing the review comments.

* Update the note.

---------

Co-authored-by: El Houcine Es Sanhaji <[email protected]>
essanhaji and El Houcine Es Sanhaji authored Jan 18, 2024
1 parent a5a76dd commit 2fa1563
Showing 13 changed files with 31 additions and 51 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,7 @@ This lab assumes you have:
## Task 1: Developer persona and credentials misuse

The below video gives an overview of challenges a DevOp persona will face for storing credentials in a bucket.

[
![Lab 1 video](../credentials-in-bucket/images/lab-1-image.png)
](../credentials-in-bucket/file/lab-1-video.mp4)
[developer persona and credentials misuse video](youtube:EyFpDQRPKmY)

## Learn More

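Review bot: with the mp4 link replaced by `youtube:EyFpDQRPKmY`, nothing in this file references `../credentials-in-bucket/images/lab-1-image.png` or `../credentials-in-bucket/file/lab-1-video.mp4` any more; confirm both are deleted in this commit rather than left as unreferenced binaries, and double-check the video ID against the intended recording, since it is now the only link between the lab and the video. The `youtube:` form is a convention of the workshop's own renderer, not a URL that GitHub's preview resolves, so validate the embed in the workshop preview rather than in the GitHub rendering.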
Expand Up @@ -4,6 +4,13 @@

In Lab 3, return as a developer persona to discover the secure realm of OCI Vault. Learn the importance of proper credentials management as we guide you through leveraging OCI Vault to securely store and access credentials, ensuring a robust and resilient approach to security.

Oracle Cloud Infrastructure Vault is a management service that stores and manages master encryption keys and secrets for secure access to resources.

The below video gives an overview of OCI key management service and its key concepts.
[oracle cloud infrastructure vault video](youtube:Yhm9eCP_SOA)

By utilizing OCI Vault, you can effectively manage and control access to secrets within your OCI environment. The Vault service offers robust security features, including encryption at rest and in transit, access controls, auditing capabilities, and integration with other OCI services.

Estimated Time: 1 hour 30 minutes

### Objectives
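Review bot: in the added block, 'The below video gives an overview of OCI key management service and its key concepts.' and the `[oracle cloud infrastructure vault video](youtube:Yhm9eCP_SOA)` line are adjacent with no blank line, so Markdown joins them into one paragraph and the video reference ends up inline at the end of the sentence instead of standing on its own as it did in the old Task 1 block; add a blank line between them.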
Expand All @@ -21,26 +28,12 @@ This lab assumes you have:
- Some understanding of cloud terms
- Familiarity with Oracle Cloud Infrastructure OCI would be helpful.

## Task 1: Oracle Cloud Infrastructure Vault - Overview

Oracle Cloud Infrastructure Vault is a management service that stores and manages master encryption keys and secrets for secure access to resources.

The below video gives an overview of OCI key management service and its key concepts.

[
![OCI Vault video](../setup-oci-vault/images/oci-vault-demonstration-thumbnail.jpeg)
](https://www.youtube.com/watch?v=Yhm9eCP_SOA)
## Task 1: Create a Dynamic Group (Already in Place)

By utilizing OCI Vault, you can effectively manage and control access to secrets within your OCI environment. The Vault service offers robust security features, including encryption at rest and in transit, access controls, auditing capabilities, and integration with other OCI services.

## Task 2: Create a Dynamic Group
> **Note**: Keep in mind that the Dynamic Group is already created for you in the Sandbox environment, so you wouldn't need to create it.
A Dynamic Group is a group that dynamically grant access to resources based on a rule. Our Dynamic Group will be used with a matching rule to determine which instances we want to allow API calls against the service we are going to use.

Use the following steps to create a dynamic group.

> Note: Keep in mind that the Dynamic Group is already created for you in the Sandbox environment, so you wouldn't need to create it.
1. Login to the OCI Console
2. Go to Menu > Identity & Security > Dynamic Groups
3. Click the Create Dynamic Group button
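Review bot: the new `> **Note**:` line is followed directly by 'A Dynamic Group is a group that dynamically grant access...' with no blank line in between, so Markdown lazy continuation pulls that paragraph into the blockquote and the explanation renders as part of the note; put a blank line after the note. While that line is being touched, 'dynamically grant access' should be 'dynamically grants access', and since the heading now says '(Already in Place)', 'Use the following steps to create a dynamic group.' should be qualified as applying only outside the Sandbox so readers do not create a duplicate group.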
Expand All @@ -53,7 +46,7 @@ Use the following steps to create a dynamic group.
5. Click the Create Dynamic Group button to save
![Create Dynamic Group](../setup-oci-vault/images/dynamic-group-image-2.png "Create Dynamic Group")

## Task 3: Create a Vault
## Task 2: Create a Vault

We will now create a Vault in the target compartment, then add a key that will be used to encrypt a new secret. The secret could be anything, but for our example we will store a API-token. Note that you could add multiple secrets if needed. Using the following steps to create a vault, a key, and a secret.

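Review bot: the renumbered heading matches the previous hunk, but the paragraph under it still reads 'we will store a API-token' and 'Using the following steps to create a vault, a key, and a secret.'; since this commit is already a QA pass ('Fix the QA issues'), change these to 'an API token' and 'Use the following steps...'.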
Expand Down Expand Up @@ -87,22 +80,20 @@ We will now create a Vault in the target compartment, then add a key that will b
![Create Secret Form](../setup-oci-vault/images/vault-image-6.png "Create Secret Form")
18. Copy the secret OCID to be used next.

## Task 4: Create a Policy using the Dynamic Group
## Task 3: Create a Policy using the Dynamic Group (Already in Place)

> **Note**: Keep in mind that the Policy is already created for you, in the Sandbox environment, so you wouldn't need to create it.
After you have created a dynamic group, you need to create policy to permit the dynamic groups to access OCI services.
The policy will permit the dynamic groups to access OCI services.

The below policy statement allows all instances in the dynamic group `my-secret-group` to access the secret `my-secret`.

> Note: Better policy to only access a specific secret
> **Note**: Better policy to only access a specific secret
``` txt
<copy> allow dynamic-group my-secret-group to read secret-family in compartment my-compartment where target.secret.name = 'my-secret' </copy>
```

Use the following steps to create a the policy:

> Note: Keep in mind that the Policy is already created for you, in the Sandbox environment, so you wouldn't need to create it.
1. Login to the OCI Console
2. Go to Menu > Identity & Security> Policies
![Console Menu](../setup-oci-vault/images/policy-image-1.png "Console Menu")
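Review bot: same blockquote issue as in Task 1: `> **Note**: Keep in mind that the Policy is already created for you...` is immediately followed by 'The policy will permit the dynamic groups to access OCI services.' without a blank line, so that sentence is absorbed into the note by lazy continuation; add the blank line. Two smaller points in the same region: 'Use the following steps to create a the policy:' has a stray 'a', and with the task marked '(Already in Place)' the step list should say it applies only when working outside the Sandbox, mirroring the note. The statement itself is the right shape for least privilege: `read secret-family` scoped by `where target.secret.name = 'my-secret'` rather than every secret in the compartment.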
Expand All @@ -116,7 +107,7 @@ Use the following steps to create a the policy:
5. Click the Create button to save
![Create Policy Form](../setup-oci-vault/images/policy-image-3.png "Create Policy Form")

## Task 5: Retrieve the secret from the Compute Instance
## Task 4: Retrieve the secret from the Compute Instance

Finally, we can create a script to retrieve our secret. The following steps creates a Python script that you can use as a framework to build on, but this could also be done in other languages that are supported such as Java, Ruby, and Go — [Software Development Kits and Command Line Interface](https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/sdks.htm). Use the following steps to create a Python script with the given example.

Expand Up @@ -4,6 +4,13 @@

In Lab 3, return as a developer persona to discover the secure realm of OCI Vault. Learn the importance of proper credentials management as we guide you through leveraging OCI Vault to securely store and access credentials, ensuring a robust and resilient approach to security.

Oracle Cloud Infrastructure Vault is a management service that stores and manages master encryption keys and secrets for secure access to resources.

The below video gives an overview of OCI key management service and its key concepts.
[oracle cloud infrastructure vault video](youtube:Yhm9eCP_SOA)

By utilizing OCI Vault, you can effectively manage and control access to secrets within your OCI environment. The Vault service offers robust security features, including encryption at rest and in transit, access controls, auditing capabilities, and integration with other OCI services.

Estimated Time: 1 hour 30 minutes

### Objectives
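Review bot: as in the other copy of this lab, the sentence 'The below video gives an overview of OCI key management service and its key concepts.' and the `youtube:Yhm9eCP_SOA` link line need a blank line between them, otherwise they render as a single paragraph with the link tacked onto the sentence.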
Expand All @@ -21,19 +28,7 @@ This lab assumes you have:
- Some understanding of cloud terms
- Familiarity with Oracle Cloud Infrastructure OCI would be helpful.

## Task 1: Oracle Cloud Infrastructure Vault - Overview

Oracle Cloud Infrastructure Vault is a management service that stores and manages master encryption keys and secrets for secure access to resources.

The below video gives an overview of OCI key management service and its key concepts.

[
![OCI Vault video](../setup-oci-vault/images/oci-vault-demonstration-thumbnail.jpeg)
](https://www.youtube.com/watch?v=Yhm9eCP_SOA)

By utilizing OCI Vault, you can effectively manage and control access to secrets within your OCI environment. The Vault service offers robust security features, including encryption at rest and in transit, access controls, auditing capabilities, and integration with other OCI services.

## Task 2: Create a Compartment
## Task 1: Create a Compartment

A compartment is a logical container to organize and control access to OCI resources. In our case we need a compartment for our Compute instance Vault. If you already have a Compartment feel free to skip to the next section. Use the following steps to create a compartment.

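Review bot: the context line 'In our case we need a compartment for our Compute instance Vault.' is missing 'and' ('Compute instance and Vault'); this hunk already rewrites the heading, so it is a good place to fix it. The removed Task 1 block was the only place in this file that referenced `../setup-oci-vault/images/oci-vault-demonstration-thumbnail.jpeg`; confirm that image is deleted in this commit or still used elsewhere.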
Expand All @@ -49,7 +44,7 @@ A compartment is a logical container to organize and control access to OCI resou
![Create Compartment Form](../setup-oci-vault/images/compartment-creation-image-2.png "Create Compartment Form")
6. Go into the new Compartment and copy the OCID; this will be used next.

## Task 3: Create a Dynamic Group
## Task 2: Create a Dynamic Group

A Dynamic Group is a group that dynamically grant access to resources based on a rule. Our Dynamic Group will be used with a matching rule to determine which instances we want to allow API calls against the service we are going to use.

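Review bot: 'A Dynamic Group is a group that dynamically grant access to resources based on a rule.' should read 'grants'. Unlike the Sandbox copy, this version really has the reader create the group, and step 6 of Task 1 says the compartment OCID 'will be used next'; make sure the steps collapsed below this hunk state explicitly that the matching rule is built from that OCID, since a rule that matches the wrong compartment will silently leave the instance outside the group.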
Expand All @@ -67,7 +62,7 @@ Use the following steps to create a dynamic group.
5. Click the Create Dynamic Group button to save
![Create Dynamic Group](../setup-oci-vault/images/dynamic-group-image-2.png "Create Dynamic Group")

## Task 4: Create a Vault
## Task 3: Create a Vault

We will now create a Vault in the target compartment, then add a key that will be used to encrypt a new secret. The secret could be anything, but for our example we will store a API-token. Note that you could add multiple secrets if needed. Using the following steps to create a vault, a key, and a secret.

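Review bot: same wording fixes as in the Sandbox copy: 'we will store a API-token' should be 'an API token' and 'Using the following steps to create a vault, a key, and a secret.' should be 'Use the following steps...'; worth doing in the same pass since the heading is already being edited.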
Expand Down Expand Up @@ -101,13 +96,13 @@ We will now create a Vault in the target compartment, then add a key that will b
![Create Secret Form](../setup-oci-vault/images/vault-image-6.png "Create Secret Form")
18. Copy the secret OCID to be used next.

## Task 5: Create a Policy using the Dynamic Group
## Task 4: Create a Policy using the Dynamic Group

After you have created a dynamic group, you need to create policy to permit the dynamic groups to access OCI services.

The below policy statement allows all instances in the dynamic group `my-secret-group` to access the secret `my-secret`.

> Note: Better policy to only access a specific secret
> **Note**: Better policy to only access a specific secret
``` txt
<copy> allow dynamic-group my-secret-group to read secret-family in compartment my-compartment where target.secret.name = 'my-secret' </copy>
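Review bot: the statement hardcodes `my-secret-group`, `my-compartment` and `my-secret`, and in this version of the lab the reader chooses all three names in Tasks 1 to 3; add a sentence before the fence saying these placeholders must be replaced with the names actually created, otherwise the policy targets resources that do not exist and the retrieval in Task 5 will be denied. The bolded `**Note**:` is consistent with the Sandbox copy, but 'Better policy to only access a specific secret' reads as a fragment; something like 'Note: this policy is scoped to a single secret rather than the whole secret-family in the compartment' says what the `where` clause achieves.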
Expand All @@ -128,7 +123,7 @@ Use the following steps to create a the policy:
5. Click the Create button to save
![Create Policy Form](../setup-oci-vault/images/policy-image-3.png "Create Policy Form")

## Task 6: Retrieve the secret from the Compute Instance
## Task 5: Retrieve the secret from the Compute Instance

Finally, we can create a script to retrieve our secret. The following steps creates a Python script that you can use as a framework to build on, but this could also be done in other languages that are supported such as Java, Ruby, and Go — [Software Development Kits and Command Line Interface](https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/sdks.htm). Use the following steps to create a Python script with the given example.

Expand Up @@ -24,10 +24,7 @@ This lab assumes you have:
## Task 1: Attacker persona and public bucket access

The below video show the risks involved when managing credentials in publicly accessible storage.

[
![Lab 2 video](../unauthorised-access/images/lab-2-image.png)
](../unauthorised-access/file/lab-2-video.mp4)
[attacker persona and public bucket access video](youtube:EH3N-4Gys6A)

## Learn More

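Review bot: 'The below video show the risks involved...' should be 'shows'. Same check as in the first file: `../unauthorised-access/images/lab-2-image.png` and `../unauthorised-access/file/lab-2-video.mp4` are no longer referenced, so confirm they are removed in this commit and that `youtube:EH3N-4Gys6A` is the intended recording.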