Managing secrets for SCIM providers

If you choose to deploy and connect your Content Platform Engine to a SCIM provider, you need to have credentials for the connection.

About this task

The SCIM secret contains the credentials for your SCIM provider. The following steps show the manual procedure for creating the secret.

Procedure

  1. Get the username and password or clientId and clientSecret for your SCIM provider.
  2. To create the secret, run the following command:
    kubectl create secret generic ibm-scim-secret \
    --from-literal=scimUsername="scimUser" \
    --from-literal=scimPassword="xxxxxxxx"
    Note: When you create secrets, special characters such as $, \, *, =, and ! are interpreted by your shell, and therefore need escaping. In most shells, the simplest way to escape a password is to surround it with single quotation marks ('). For example, if your password is S!B\*d$zDsb= then use single quotation marks around the password string:
    --from-literal=password='S!B\*d$zDsb='

    You do not need to escape special characters in passwords from files (--from-file). For more information, see Managing Secrets.

  3. If your secret name is different from the default secret name, ibm-scim-secret, add the secret to the custom resource YAML file in the scim_configuration section:
    initialize_configuration:
      scim_configuration:
        ...
        scim_secret_name: "ibm-scim-secret"
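
The note in step 2 on shell interpretation and `--from-file`, as an added example that is not part of the original documentation: it shows what double quotes do to the sample password and creates the secret from files instead. The function names and the temporary-file handling are assumptions of this example; the key names come from step 2.

```bash
#!/usr/bin/env bash
# Added example (not from the product documentation). Sample values are constructed.

# Sample password from the note in step 2; single quotes keep every character literal.
SAMPLE_PW='S!B\*d$zDsb='

# The same characters inside double quotes, evaluated by a child shell:
# $zDsb is expanded as an (unset) variable, so part of the password is lost.
mangled_by_double_quotes() {
  sh -c 'printf %s "S!B\*d$zDsb="'
}

# Store a value byte-for-byte in a temporary file and print its path.
# mktemp creates the file with mode 0600, and printf '%s' adds no trailing
# newline (--from-file would store a newline as part of the credential).
write_private() {
  _f=$(mktemp) || return 1
  printf '%s' "$1" > "$_f"
  printf '%s\n' "$_f"
}

# Create the secret from files; kubectl stores the file bytes unchanged,
# so no escaping is needed. Keys match the command in step 2.
create_scim_secret() {   # $1 = secret name, $2 = username file, $3 = password file
  kubectl create secret generic "$1" \
    --from-file=scimUsername="$2" \
    --from-file=scimPassword="$3"
}

# Typical use in bash (requires cluster access, so it is not run here):
#   read -r  -p 'SCIM username: ' u
#   read -rs -p 'SCIM password: ' p; echo
#   uf=$(write_private "$u"); pf=$(write_private "$p")
#   create_scim_secret ibm-scim-secret "$uf" "$pf"; rm -f "$uf" "$pf"
```

Reading the password with `read -rs` also keeps it out of the shell history, which a `--from-literal` argument typed on the command line does not.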