Creating a secret for an AES Key

IBM Security QRadar® Suite Software provides an action to create a secret in the QRadar Suite Software namespace to store your AES key that you can use to encrypt your data backups.

Before you begin

Install Red Hat® OpenShift® CLI 4.16 or 4.18.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform cluster as a cluster administrator by typing one of the following commands, where <openshift_url> is the URL for your Red Hat OpenShift Container Platform environment.
    • Using a username and password.
      oc login <openshift_url> -u <cluster_admin_user> -p <cluster_admin_password>
    • Using a token.
      oc login --token=<token> --server=<openshift_url>
  2. Switch to your QRadar Suite Software namespace by typing the following command.
    oc project <cp4s_namespace>

    For example, if your QRadar Suite Software namespace is cp4sexample, type the following command.

    oc project cp4sexample

    The following example output shows that you switched to the cp4sexample namespace.

    Now using project "cp4sexample" on server "https://example.com:6443".
  3. Create a secret to store an AES key to back up QRadar Suite Software data stores by using one of the following methods.
    • If you already have an AES key, create a new secret to store your AES key by typing the following command.
      oc create -n ${CP4S_NAMESPACE} secret generic my-aes-key --from-literal=key="${AES_KEY}"
      
      Run the backup by typing the following command.
      /opt/bin/backup-cp4s -s my-aes-key
    • If you want to back up QRadar Suite Software data stores by using an auto-generated AES key, use the -g or --generate-aes-key argument and create a new secret to store the auto-generated AES key.
      /opt/bin/backup-cp4s -n cp4s -s my-secret --generate-aes-key

      The backup is run by using an auto-generated 32-character long AES key that is stored in the my-secret secret.

What to do next

After the backup is complete, you can extract and delete the secret from the QRadar Suite Software namespace by completing the following steps.

  1. Get the secret that is used in the backup by typing the following command.
    oc get secret <secret-name> -o jsonpath='{.data.key}' -n $CP4S_NAMESPACE
  2. Extract and delete the secret by typing the following command.
    oc delete secret <secret-name> -n $CP4S_NAMESPACE
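
The create, extract, and delete steps above as shell functions. This is an added example, not code from IBM's documentation. It stores the key with --from-file instead of --from-literal so the value stays out of the oc process argument list, and it decodes the base64 value that the jsonpath query returns. The function names and the 32-character length check are assumptions; the length is taken from what the page states for auto-generated keys.

```shell
#!/usr/bin/env bash
# Added example, not IBM code. Namespace, secret name and output path are
# caller-supplied placeholders. The 32-character check is an assumption based
# on the length the page gives for the auto-generated key.

# Succeeds only if the key is exactly 32 characters long.
check_key() {
  [ "${#1}" -eq 32 ]
}

# Usage: create_key_secret <namespace> <secret-name> <key>
# Passes the key through a temp file (mktemp creates it mode 0600) so the
# value never appears in the argument list of the oc process.
create_key_secret() {
  local ns="$1" name="$2" key="$3" tmp rc=0
  check_key "$key" || { echo "key must be 32 characters" >&2; return 1; }
  tmp=$(mktemp) || return 1
  printf '%s' "$key" > "$tmp"   # printf, not echo: no trailing newline stored
  oc create -n "$ns" secret generic "$name" --from-file=key="$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage: read_key_secret <namespace> <secret-name>
# Values under .data are base64-encoded, so decode before use.
read_key_secret() {
  oc get secret "$2" -n "$1" -o jsonpath='{.data.key}' | base64 -d
}

# Usage: extract_and_delete <namespace> <secret-name> <outfile>
# Saves the key to a private file and deletes the secret only after the
# saved copy passes the length check; otherwise the secret is kept.
extract_and_delete() {
  local ns="$1" name="$2" out="$3"
  ( umask 077; read_key_secret "$ns" "$name" > "$out" ) || return 1
  check_key "$(cat "$out")" || { echo "bad key copy; secret kept" >&2; return 1; }
  oc delete secret "$name" -n "$ns"
}
```

Keep the saved key file with the backup's recovery material and not on the cluster, because the backup cannot be decrypted without it once the secret is deleted.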