Use this page when you know the problem category but do not yet know which collection page should be your first stop.
Current release: 1.10.3
The docs are organized on purpose:
capabilities page when you are deciding whether a plugin boundary fits the jobuse cases page when you want a workflow or playbook patternplugin page last when you need exact option names or return fieldsThat keeps the decision pages from turning into reference dumps and keeps the reference pages from wandering into broad architectural prose.
Go straight to Reference By Area.
These are the collection combinations worth learning as flows.
| Need | Best starting point | Why |
|---|---|---|
| IdM-backed targeting and scoped inventory | Inventory Use Cases | combines host data, hostgroups, netgroups, HBAC scope, and host metadata |
| Service onboarding and key material | Principal Use Cases | principal pre-flight is the gate before keytab and cert work |
| TLS bootstrap and renewal | Cert Use Cases | cert issuance, retrieval, renewal, and vault-backed private-key handling |
| Static secret lifecycle in Controller | Rotation Use Cases | vault_write, vault, keytab, and cert in scheduled jobs |
| Lease-like temporary access in IdM | Ephemeral Access Capabilities | user_lease for delegated temporary users plus Kerberos key retirement patterns without pretending they are dynamic secret leases |
| Host enrollment | OTP Use Cases | OTP bootstrap plus official IdM enrollment modules and post-checks |
| Policy validation before privileged change | AAP Integration | hbacrule, selinuxmap, sudo, principal, and dns as controller-side gates |
| Vault or CyberArk displacement analysis | Vault/CyberArk Primer | comparison framing without pretending the collection is a lease engine or PAM suite |
| OpenShift platform and app workflows | OpenShift Ecosystem Primer | routes cluster admins, virtualization operators, RHOSO operators, RHOSO tenant admins, developers, RHACM operators, RHACS operators, and Quay operators into the right IdM-backed workflow pages |
| RHOSO operator and tenant workflows | OpenShift RHOSO Use Cases | RHOSO cloud operations and tenant-facing identity boundaries become cleaner AAP workflows instead of a mix of standing admin access and side-channel onboarding |
| RHACM event-driven remediation | OpenShift RHACM Use Cases | RHACM policy violations and lifecycle hooks become AAP jobs that verify real IdM identity, policy, and supporting artifacts before they run |
| RHACS findings and enforcement | OpenShift RHACS Use Cases | RHACS alerts, admission controls, and network-policy output become governed workflows instead of generic follow-up tickets |
| Quay identity and repo automation | OpenShift Quay Use Cases | Quay team access, mirroring, notifications, and registry onboarding become IdM-aware workflows instead of local credential sprawl |
| Area | Reference | Capabilities | Use cases |
|---|---|---|---|
| Inventory | Inventory Plugin | Inventory Capabilities | Inventory Use Cases |
| Vault retrieval | Vault Plugin | Vault Capabilities | Vault Use Cases |
| Vault lifecycle | Vault Write Module | Vault Write Capabilities | Vault Write Use Cases |
| Principal state | Principal Plugin | Principal Capabilities | Principal Use Cases |
| Keytabs | Keytab Plugin | Keytab Capabilities | Keytab Use Cases |
| User lease | User Lease Module | User Lease Capabilities | User Lease Use Cases |
| Certificates | Cert Plugin | Cert Capabilities | Cert Use Cases |
| OTP | OTP Plugin | OTP Capabilities | OTP Use Cases |
| DNS | DNS Plugin | DNS Capabilities | DNS Use Cases |
| SELinux maps | SELinux Map Plugin | SELinux Map Capabilities | SELinux Map Use Cases |
| Sudo policy | Sudo Plugin | Sudo Capabilities | Sudo Use Cases |
| HBAC rules | HBAC Rule Plugin | HBAC Rule Capabilities | HBAC Rule Use Cases |
To avoid circular writing: