Disabling the internal vault for the Cloud Pak for Data web client

An instance administrator can optionally disable the Cloud Pak for Data internal vault for the Cloud Pak for Data web client.

Permissions you need for this task
You must be a Red Hat® OpenShift® Container Platform project or cluster administrator.
When you need to complete this task
You can complete this task anytime after Cloud Pak for Data is installed.

About this task

If you plan to use vaults to store sensitive data, it is strongly recommended that you use an enterprise-grade vault solution, such as CyberArk or HashiCorp.

You can optionally disable the internal vault to ensure that users use secrets from your existing vault.

You can disable the internal vault, for example, if you want to restrict the use of vault to an organization's approved vault vendors only.

Important: When you disable the internal vault, all of the secrets that are stored in the vault are also deleted.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform cluster as a user with sufficient permissions to complete the task:
    ${OC_LOGIN}
  2. Run the following command to edit the Cloud Pak for Data product-configmap file:
    oc patch cm product-configmap \
    --namespace=${PROJECT_CPD_INST_OPERANDS} \
    --type=merge \
    --patch '{"data": {"VAULT_DISABLE_INTERNAL_VAULT": "true"}}'
  3. Restart the zen-watcher pods.
    oc delete pods \
    --namespace=${PROJECT_CPD_INST_OPERANDS} \
    -l component=zen-watcher