A secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Before you install IBM Business Automation Workflow, you must create secrets manually for LDAP, Business Automation Workflow, User Management Service (UMS), Business Automation Studio, Application Engine, Resource Registry, IBM FileNet® Content Manager, and IBM Business Automation Navigator.
About this task
All values under data in each secret must be Base64 encoded. To get a Base64-encoded string, run the following command:
    echo -n "<sample_string>" | base64
The output is the Base64-encoded result.
Important: Make sure each secret has fewer than 20 characters.
Procedure
- An LDAP server is required before you install Business Automation Workflow. Create required secrets for LDAP.
  - Save the following content in a YAML file named, for example, ldap-bind-secret.yaml.
    LDAP secret:
        apiVersion: v1
        kind: Secret
        metadata:
          name: ldap-bind-secret
        type: Opaque
        data:
          ldapUsername: <LDAP_BIND_DN>
          ldapPassword: <LDAP_PASSWORD>
    where:
    - ldapUsername corresponds to the bindDN property of your LDAP server, Base64-encoded
    - ldapPassword corresponds to the bindPassword property of your LDAP server, Base64-encoded
  - On the OpenShift main node, run the following command for the YAML file:
        oc apply -f YAML_file_name
  - In your custom resource file:
    - Specify the hostname of your LDAP server as the ldap_configuration.lc_ldap_server property.
    - Specify the secret name that you created above as the ldap_configuration.lc_bind_secret property.
- Create required secrets for Business Automation Workflow.
  - Save the following content in a separate YAML file for each secret. All values under data in the secret must be Base64 encoded.
    Business Automation Workflow database secret:
        apiVersion: v1
        kind: Secret
        metadata:
          name: ibm-baw-wfs-server-db-secret
        type: Opaque
        data:
          dbUser: <DB_USER>
          password: <DB_USER_PASSWORD>
    where dbUser and password are the database username and password. Ensure all values under data are Base64 encoded.
    Optional: Process Federation Server secret. If you don't create this secret, the operator generates a secret with random values during installation.
        apiVersion: v1
        kind: Secret
        metadata:
          name: ibm-pfs-admin-secret
        type: Opaque
        data:
          ltpaPassword: <LTPA_PASSWORD>
          oidcClientPassword: <OIDC_CLIENT_PASSWORD>
          sslKeyPassword: <SSL_KEY_PASSWORD>
    - ltpaPassword is used to set the LTPA password
    - oidcClientPassword is registered at UMS as the OIDC client password
    - sslKeyPassword is used as the keystore and truststore password
    - All values under data are Base64-encoded.
    Optional: Workflow server admin secret. This secret is used to integrate with other servers, such as UMS. You must set the Workflow Server admin secret name in workflow_authoring_configuration.admin_secret_name and the operator creates it automatically. However, if you want to create the secret manually, use the following content:
        apiVersion: v1
        kind: Secret
        metadata:
          name: ibm-baw-admin-secret
        type: Opaque
        data:
          sslKeyPassword: <SSL_KEY_PASSWORD>
          oidcClientPassword: <OIDC_CLIENT_PASSWORD>
    where:
    - sslKeyPassword is used as the keystore and truststore password
    - oidcClientPassword is used as the OIDC client password
    - All values under data are Base64-encoded.
  - On the OpenShift master node, run the following command for each YAML file:
        oc apply -f YAML_file_name
- Create required secrets for UMS by following the steps in Creating the UMS database admin secret.
- Create required secrets for Business Automation Studio and Application Engine playback engine by following the instructions in Creating secrets to protect sensitive configuration data.
- Create required secrets for Application Engine by following the instructions in Creating secrets to protect sensitive configuration data. These instructions also include creating a secret for Resource Registry.
- Create required secrets for IBM Business Automation Navigator by following the instructions in Creating secrets to protect sensitive Business Automation Navigator configuration data.
- Create required secrets for IBM FileNet Content Manager by following the instructions in Creating secrets to protect sensitive IBM FileNet Content Manager configuration data.
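
The encoding and manifest steps for the LDAP bind secret above, as an added shell example that is not part of IBM's documentation. The function names and the sample bind DN and password are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the ldap-bind-secret manifest with exactly encoded values.
# Base64 is an encoding, not encryption: anyone who can read the manifest or
# the Secret object can decode these values.

# Encode $1 byte for byte. printf '%s' adds no trailing newline (a bare `echo`
# would, and the newline would become part of the stored password); tr strips
# the line wraps that GNU base64 inserts after 76 output characters.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeeds only if $2 decodes to exactly $1. The appended "x" keeps the shell
# from trimming a trailing newline, so a value encoded with plain `echo` fails.
encodes_exactly() {
  [ "$(printf '%s' "$2" | base64 -d; printf x)" = "${1}x" ]
}

# Print the LDAP bind secret manifest for bind DN $1 and bind password $2.
render_ldap_secret() {
  user_b64=$(b64 "$1")
  pass_b64=$(b64 "$2")
  encodes_exactly "$1" "$user_b64" || return 1
  encodes_exactly "$2" "$pass_b64" || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ldap-bind-secret
type: Opaque
data:
  ldapUsername: ${user_b64}
  ldapPassword: ${pass_b64}
EOF
}

# Constructed sample values, not real credentials.
render_ldap_secret 'cn=admin,o=example' 'Sample-Passw0rd'
```

Redirect the output to ldap-bind-secret.yaml and apply it with the oc apply -f command from the procedure.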