Enabling users to use JDBC URLs stored in secrets

When a user creates a Generic JDBC connection, they must specify the JDBC URL of the data source. You can optionally enable users to use a JDBC URL this is stored in a secret in a vault.

Who needs to complete this task?
To complete this task, you must be either:
  • A cluster administrator
  • An instance administrator
When do you need to complete this task?

Complete this task only if you want to enable users to use JDBC URLs that are stored in secrets when they create Generic JDBC connections. For example, you might want to use JDBC URLs that are stored in secrets to protect any sensitive data in the JDBC URLs.

You can complete this task anytime after Cloud Pak for Data is installed. However, it is recommended that you complete this task before you give users access to the web client.

Before you begin

Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

About this task

Common core services The Generic JDBC connector is available only if the common core services are installed.

An instance administrator can edit the common core services custom resource to set wdp_connect_connection_enable_jdbc_url_for_vaulting to true.

Procedure

  1. Log in to Red Hat® OpenShift® Container Platform as a user with sufficient permissions to complete the task.
    ${OC_LOGIN}
  2. Set the wdp_connect_connection_enable_jdbc_url_for_vaulting parameter to true:
    oc patch ccs ccs-cr \
    --namespace=${PROJECT_CPD_INST_OPERANDS} \
    --type merge \
    --patch '{"spec": {"wdp_connect_connection_enable_jdbc_url_for_vaulting": "true"}}'
  3. Confirm that the reconciliation process finished:
    oc get ccs ccs-cr \
    --namespace=${PROJECT_CPD_INST_OPERANDS} \
    -o template \
    --template '{{.status.ccsStatus}}'

    Wait for the statue to be Completed.

Results

Cloud Pak for Data is configured to enable users to choose whether to enter JDBC URLs manually or to use JDBC URLs that are stored in a secret.