Template and sample YAML of Secret

Template YAML of elm-auth-secret

apiVersion: v1
kind: Secret
metadata:
  name: elm-auth-secret
  namespace: <namespace>                          # Kubernetes Cluster Namespace
stringData:
  CCM_DB_JDBC_PASSWORD: <password>                # CCM DataBase JDBC Password
  DB_USER_PASSWORD: <password>                    # DataBase Password
  DCC_DB_JDBC_PASSWORD: <password>                # DCC DataBase JDBC Password
  DW_JDBC_PASSWORD: <password>                    # DW DataBase JDBC Password
  GC_DB_JDBC_PASSWORD: <password>                 # GC DataBase JDBC Password
  JTS_DB_JDBC_PASSWORD: <password>                # JTS DataBase JDBC Password
  LDX_DB_JDBC_PASSWORD: <password>                # LDX DataBase JDBC Password
  LQE_DB_JDBC_PASSWORD: <password>                # LQE DataBase JDBC Password
  ENI_DB_JDBC_PASSWORD: <password>                # ENI DataBase JDBC Password
  QM_DB_JDBC_PASSWORD: <password>                 # QM DataBase JDBC Password
  RM_DB_JDBC_PASSWORD: <password>                 # RM DataBase JDBC Password
  OIDC_PROVIDER_USERID: <auth-provider-user>      # OIDC/LDAP Provider User ID
  OIDC_PROVIDER_PASSWORD: <auth-password>         # OIDC/LDAP Provider User ID's Password
  SCIM_PROVIDER_USERID: <scim-provider-user>      # SCIM User ID
  SCIM_PROVIDER_PASSWORD: <password>              # SCIM User ID's Password
  SCIM_USERID_MAPPING: <scim-userid-mapping>      # SCIM User ID Mapping
  SSL_KEYSTORE_PW: <password>                     # SSL Certificate Keystore (JKS) Password
  GC_ACTIVATION_KEY: <gc-activation-key>          # GC Activation Key
  LDAP_PASSWORD: <password>                       # LDAP Registry Password
  OIDC_CLIENT_ID: <oidc-client-id>                # OIDC Client User ID
  OIDC_CLIENT_SECRET: <oidc-client-secret>        # OIDC Client User ID's Password
type: Opaque

Fully populated sample YAML of elm-auth-secret

kind: Secret
apiVersion: v1
metadata:
  name: elm-auth-secret
  namespace: example
stringData:
  CCM_DB_JDBC_PASSWORD: example
  DB_USER_PASSWORD: example
  DCC_DB_JDBC_PASSWORD: example
  DW_JDBC_PASSWORD: example
  GC_DB_JDBC_PASSWORD: example
  JTS_DB_JDBC_PASSWORD: example
  LDAP_PASSWORD: example
  LDX_DB_JDBC_PASSWORD: example
  LQE_DB_JDBC_PASSWORD: example
  OIDC_PROVIDER_PASSWORD: example
  OIDC_PROVIDER_USERID: example@user.com
  QM_DB_JDBC_PASSWORD: example
  ENI_DB_JDBC_PASSWORD: example
  RM_DB_JDBC_PASSWORD: example
  SCIM_PROVIDER_PASSWORD: example
  SCIM_PROVIDER_USERID: example@user.com
  SCIM_USERID_MAPPING: example@user.com
  GC_ACTIVATION_KEY: example
  SSL_KEYSTORE_PW: secret
  OIDC_CLIENT_ID: example@user.com
  OIDC_CLIENT_SECRET: secret
type: Opaque
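
A pre-apply check for a Secret manifest written in the style shown above, as an added example that is not part of the original page or of the product's tooling. It reports `stringData` entries that still hold a `<placeholder>`, keys that appear twice, and values copied from the sample (`example`, `secret`). The function names and the embedded manifest are constructed for illustration, and the check assumes two-space indentation with unquoted scalar values.

```shell
#!/bin/sh
# Added example (hypothetical helper, not vendor code): lint the stringData map
# of a Secret manifest read from stdin before it is handed to `kubectl apply`.
lint_secret_stringdata() {
  awk '
    /^stringData:[ \t]*$/ { in_sd = 1; next }
    /^[^ \t#]/            { in_sd = 0 }      # any other top-level key ends the map
    in_sd && /^  [A-Za-z0-9_.-]+:/ {
      line = $0
      sub(/[ \t]+#.*$/, "", line)            # strip trailing YAML comment
      sub(/[ \t]+$/, "", line)               # strip trailing whitespace
      key = line; sub(/^  /, "", key); sub(/:.*$/, "", key)
      val = line; sub(/^  [^:]+:[ \t]*/, "", val)
      if (seen[key]++) { print "DUPLICATE_KEY " key; bad = 1 }
      if (val ~ /^<[^>]*>$/) { print "PLACEHOLDER " key; bad = 1 }
      else if (val == "example" || val == "secret") { print "SAMPLE_VALUE " key; bad = 1 }
    }
    END { exit bad + 0 }                     # non-zero when anything was flagged
  '
}

# Constructed input: one leftover template placeholder, one value copied from
# the sample, and one key defined twice.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: elm-auth-secret
  namespace: example
stringData:
  DB_USER_PASSWORD: <password>                    # DataBase Password
  LDAP_PASSWORD: example
  OIDC_CLIENT_ID: elm-client
  LDAP_PASSWORD: s3t-by-operator
type: Opaque
EOF
}

# Demo run; `|| true` keeps the script going after the expected findings.
sample_manifest | lint_secret_stringdata || true
```

Block-scalar entries such as the certificate and `idpMetadata.xml` values are skipped, because their content lines are indented deeper than the keys.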

Template YAML of elm-tls-certs-secret LDAP

kind: Secret
apiVersion: v1
metadata:
  name: elm-tls-certs-secret
  namespace: <namespace>            # Kubernetes Cluster Namespace
stringData:
  LDAP_SSL_CERTIFICATE: |
    # LDAP server base-64 X.509 (TLS, intermediate, root) SSL certificate data
type: Opaque

Fully populated sample YAML of elm-tls-certs-secret LDAP

kind: Secret
apiVersion: v1
metadata:
  name: elm-tls-certs-secret
  namespace: example
stringData:
  LDAP_SSL_CERTIFICATE: |
    # Base-64 X.509 (TLS, intermediate, root) SSL certificate data
    -----BEGIN CERTIFICATE-----
    MIIDeTCCAmGgAwIBAgIESG5/rjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJ
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIDeTCCAmGgAwIBAgIESG5/rjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJ
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIDeTCCAmGgAwIBAgIESG5/rjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJ
    -----END CERTIFICATE-----
type: Opaque

Template YAML of elm-tls-certs-secret OIDC

kind: Secret
apiVersion: v1
metadata:
  name: elm-tls-certs-secret
  namespace: <namespace>                # Kubernetes Cluster Namespace
type: Opaque
stringData:
  oidc-ssl-certificate: |
    # SSL certificate data of your OIDC server in Base-64 X.509 format.

Fully populated sample YAML of elm-tls-certs-secret OIDC

kind: Secret
apiVersion: v1
metadata:
  name: elm-tls-certs-secret
  namespace: example
type: Opaque
stringData:
  oidc-ssl-certificate: |
    -----BEGIN CERTIFICATE-----
    MIIDeTCCAmGgAwIBAgIESG5/rjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJJ
    -----END CERTIFICATE-----

Template YAML of elm-saml-idp-metadata SAML

kind: Secret
apiVersion: v1
metadata:
  name: elm-saml-idp-metadata
  namespace: <namespace>                  # Kubernetes Cluster Namespace
type: Opaque
stringData:
  idpMetadata.xml: |
    # IDP Provider xml data.

Fully populated sample YAML of elm-saml-idp-metadata SAML

kind: Secret
apiVersion: v1
metadata:
  name: elm-saml-idp-metadata
  namespace: example
type: Opaque
stringData:
  idpMetadata.xml: |
    <EntityDescriptor
        ID="_example123"
        entityID="https://example.idp.server"
        validUntil="2025-04-25T09:48:54Z"
        cacheDuration="PT15M"
        xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.idp.server/saml/sso" />
            <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.idp.server/saml/sso" />
            <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://example.idp.server/saml/sso" />
            <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.idp.server/saml/slo" />
            <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.idp.server/saml/slo" />
            <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://example.idp.server/saml/slo" />
            <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://example.idp.server/saml/ars" index="0" />
            <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
            <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
            <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
            <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

            <KeyDescriptor use="signing">
                <KeyInfo
                    xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Data>
                        <X509Certificate>IDP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_RESPONSES</X509Certificate>
                    </X509Data>
                </KeyInfo>
            </KeyDescriptor>
        </IDPSSODescriptor>
        <Organization>
            <OrganizationName xml:lang="en-GB">IBM</OrganizationName>
            <OrganizationDisplayName xml:lang="en-GB">IBM Org</OrganizationDisplayName>
            <OrganizationURL xml:lang="en-GB">https://ibm.com/</OrganizationURL>
        </Organization>
        <ContactPerson contactType="technical">
            <Company>IBM</Company>
            <GivenName>example</GivenName>
            <SurName>example</SurName>
            <EmailAddress>example@ibm.com</EmailAddress>
        </ContactPerson>
    </EntityDescriptor>