Creating secrets to protect sensitive Content Collector for SAP Applications configuration data

Before you install Content Collector for SAP Applications, create secrets manually to protect the configuration data you are going to enter, for creating a keystore that you configured in preparation for use with Content Collector for SAP Applications.

Procedure

  1. Prepare your ibm-iccsap-secret.
    Using your password value, run the following command:
    kubectl create secret generic ibm-iccsap-secret --from-literal=keystorePassword="<password>"

    The secret you create, ibm-iccsap-secret, is the value for the parameter iccsap_secret_name.

  2. Configure the root Certificate Authority (CA) secret and trusted certificate list.

    The custom YAML file also requires values for the root_ca_secret

    and trusted_certificate_list parameters. The Transport Layer Security (TLS) secret contains the root CA's key value pair. You have the following choices for the root CA:
    • You can generate a self-signed root CA.
    • You can allow the operator (or ROOTCA ansible role) to generate the secret with a self-signed root CA (by not specifying one).
    • You can use a signed root CA. In this case, you create a secret that contains the root CA's key value pair in advance.

    The list of the trusted certificate secrets can be a TLS secret or an opaque secret. An opaque secret must contain a tls.crt file for the trusted certificate. The TLS secret has a tls.key file as the private key.

What to do next

To enable the IBM Content Collector P8 Content Search Services Support, see Preparing to enable IBM Content Collector P8 Content Search Services Support.