Creating secrets to protect sensitive IBM Enterprise Records configuration data
Before you install Enterprise Records, create secrets manually to protect the
configuration data that you enter.
Procedure
Prepare your security environment and provide a keystore password.
The keystore password is used to create the keystore and truststore for the container. The
keystorePassword
must be 16 or more characters when FIPS is enabled. Run the
following command by using the keystore password
values:kubectl create secret generic ibm-ier-secret \
--from-literal=keystorePassword="xxxxxxx" \
-n "{{ namespace }}"
Note: When you create secrets,
special characters such as
The secret that you
create, $
, \
, *
,
=
, and !
are interpreted by your shell, and therefore need
escaping. In most shells, the simplest way to escape a password is to surround it with single
quotation marks ('). For example, if your password is S!B\*d$zDsb=
then use single
quotation marks around the password
string:--from-literal=password='S!B\*d$zDsb='
You do not need to escape
special characters in passwords from files (--from-file
). For more information, see
Managing Secrets.
ibm-ier-secret
is the value for the parameter
ier_secret_name
.