Cloudflare

Set up Cloudflare for automated tests with TrustCloud

Purpose

Once you set up your compliance program, TrustCloud TrustOps works to ensure that your systems remain compliant with your adopted controls. To do so, TrustCloud runs automated tests against systems in your product and business stack, and verifies that they are properly configured.

This document outlines the steps you can take to grant TrustCloud access to only read metadata about the configuration settings for your Cloudflare organization and Users, so that TrustOps can validate and generate evidence for your compliance program.

Instructions to grant TrustCloud limited access to GitHub metadata

1. Login to your Cloudflare account as a user who has access to your account settings.
2. Create an API token with read-only permissions
   From the Cloudflare dashboard, go to My Profile > API Tokens
   
3. On the API Tokens page click the Create Token button.
   
4. On the Create API Tokens page click the Use template button for the Read all resources template, which is a template with pre-configured read-only permissions.
   
5. Add or edit the token name to describe why or how the token is used. Templates are prefilled with a token name and permissions.
   Click Continue to summary button.
   
6. On the next page click the Create Token button.
   
7. On the next page, the created token is displayed, click the Copy button and save the token for later use in this integration.
   
8. Get your Cloudflare account ID
   From the browser address bar, copy the account ID, the account id is the part of URL after the dashboard domain name, in the form of https://dash.cloudflare.com/[account_id]/.
   
9. Enter your Cloudflare account ID & the created read-only permissions API token into TrustCloud.