Configuring Credentials

Note:

Note that this chapter only focuses on Platform applications deployed on a single machine Docker environment and does not apply to bare metal or cloud deployments.

We recommend keeping default passwords in the source code during development and changing them for each deployed environment. Here, an environment can be regarded as an instance of a deployment. For more details, please refer to Chapter Deploying the Application.

In addition to using credentials, the Gateway Service also can be extended when securing the application. For more details, please refer to Section Extending the Gateway Service.

Applications based on the Platform are composed of multiple components that communicate with each other. Communications are secured by technical and user credentials, which are set, by default, by the environment. For more details, please refer to Section Accessing the Application Endpoints.

As convenient as it is for the development and testing phases, these default credentials should not be used in deployments.

Updating credentials involves changing the credentials and updating all the software components that need to connect with these credentials. Below is an example of the software components that connect to PostgreSQL

PostgreSQL Connections

The Platform credentials can be divided into two categories:

Infrastructure credentials, depending on the software component, require:
- Configuring Postgres Credentials: postgres-r00t-us3rn4m3, data_server and Keycloak.
- Configuring MongoDB Credentials: mongo-r00t-us3rn4m3, scenario-db, execution-db, permission-db and session-tracking-db.
- Configuring Keycloak 'admin' Credentials: keycloak-r00t-us3rn4m3.
- Configuring RabbitMQ Credentials: rabbit-r00t-us3rn4m3.
Applicative credentials are centralized and managed by Keycloak and require Configuring User Credentials: backend-service, data-service, execution-service, gene_admin, optimserver, scenario-service, user1, user2, user3, and user4.