Creating a secret to hold encryption key information from IBM Content Collector

Before you enable IBM Content Collector P8 IBM Content Search Services Support you must also create a secret to hold encryption key information from IBM Content Collector.

About this task

Before you deploy, you must also create the encryption key secret. The contents of the secret are picked from the MasterKey.txt file, which was previously created via processes on external services such as the IBM Content Collector services. You must go to the IBM Content Collector server and obtain the master key from the MasterKey.txt file. For details about how to download the MasterKey.txt, refer topic Prerequisites for running Content Collector Server and its components from the IBM Content Collector documentation.

If the secret is defined in the CR, then it is picked up by the CSS pod and put in the directory /opt/IBM/ContentSearchServices/CSS_Server/. The default name for the secret is icc-masterkey-txt but you can define it to be another secret name. You can put the secret as a file or as text that contains the key of the secret from MasterKey.txt.

To create the secret, run the following command:
oc create secret generic icc-masterkey-txt --from-file=MasterKey.txt=/root/MasterKey.txt

The secret that you create, is the value for the parameter ecm_configuration.css.css_production_setting.icc.secret_masterkey_name.