Creating a secret

A secret is used for setting sensitive information when installing IBM® Sterling Intelligent Promising through the Operator. It contains sensitive information such as truststore password, credentials for middleware services if you are not deploying Sterling Intelligent Promising in development mode, and other configurations.

Procedure

  1. Create a <sample_secret_file>.yaml file as illustrated in the following example:
    The truststore_password attribute is mandatory. It is used to create the final truststore, to which you can add trusted certificates or import your own truststore, and which Sterling Intelligent Promising creates to trust the connection between itself and external services. If you provide your own truststore, you must provide the same password that was used to create that truststore.
    apiVersion: v1
    kind: Secret
    metadata:
      name: <Release-name>-sip-secret
    type: Opaque
    stringData:
      truststore_password: <password for TrustStore>  # This password is used to create a truststore.
    • If your middleware services (Cassandra, Elasticsearch, and Kafka) are not installed by the Operator, add the following properties to the <sample_secret_file>.yaml file.
      # Cassandra
      cassandra_username: <username for cassandra>
      cassandra_password: <password for cassandra>
      
      # Elasticsearch
      elasticsearch_username: <username for elasticsearch>
      elasticsearch_password: <password for elasticsearch>
      
      # Kafka - required secret
      kafka_security_protocol: <security protocol for kafka>
      
      # Kafka - optional secret
      kafka_sasl_jaas_config: <sasl jaas config for kafka>
      kafka_user: <username for kafka>
      kafka_password: <password for kafka>
      kafka_sasl_mechanism: <sasl mechanism for kafka>
      
      
      # MongoDB - required secret
      mongodb_optimizer_metadata_db_username: <username for optimizerMetadataDB in MongoDB>
      mongodb_optimizer_metadata_db_password: <password for optimizerMetadataDB in MongoDB>
      mongodb_optimizer_db_username: <username for optimizerDB in MongoDB>
      mongodb_optimizer_db_password: <password for optimizerDB in MongoDB>
      
      
      # MongoDB - optional secret. If you provide this secret, the Operator creates the required database and the respective users. If Admin credentials are not passed, you are expected to create the database and the corresponding user.
      mongodb_admin_db_username: <Admin username for MongoDB>
      mongodb_admin_db_password: <Admin password for MongoDB>
    • By default, Sterling Intelligent Promising writes application-level logs to the console. However, you can redirect these logs to Kafka by using the following properties. If you set the log channel to Kafka and specify loggingContactPoints, add the Kafka properties to the <sample_secret_file>.yaml file with the log_ prefix. For more information, see loggingContactPoints in kafka parameter and log parameter.
      # Required secret
      log_kafka_security_protocol: <security protocol for kafka - logging>
      # Optional secret
      log_kafka_sasl_jaas_config: <sasl jaas config for kafka>
      log_kafka_user: <username for kafka>
      log_kafka_password: <password for kafka>
      log_kafka_sasl_mechanism: <sasl mechanism for kafka>
    Note: Ensure that you set the values based on your external instance configurations.
  2. Run the following command.
    oc create -f <sample_secret_file>.yaml -n <sip_installation_namespace>
    
    A secret based on the values added in the <sample_secret_file>.yaml file is created and encoded.
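
A pre-flight check for the file from step 1, to run before step 2. This is an added example, not part of the IBM documentation: the function name check_sip_secret and its "external" mode are hypothetical, the sample manifest is constructed, and only the key names shown on this page are checked.

```shell
#!/usr/bin/env bash
# check_sip_secret FILE [external]
#   external: middleware is not installed by the Operator, so the keys marked
#   "required secret" on this page must be present (assumed mode name).
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_sip_secret() {
  local file="$1" mode="${2:-}" body key required rc=0
  # Entries under stringData:, minus blank and comment-only lines.
  body=$(awk '/^stringData:/ {f=1; next}
              /^[^ #]/       {f=0}
              f && !/^[ \t]*#/ && !/^[ \t]*$/' "$file")

  required="truststore_password"
  if [ "$mode" = external ]; then
    required="$required kafka_security_protocol
      mongodb_optimizer_metadata_db_username mongodb_optimizer_metadata_db_password
      mongodb_optimizer_db_username mongodb_optimizer_db_password"
  fi
  # Any log_kafka_* entry makes the logging protocol key required.
  if printf '%s\n' "$body" | grep -q '^ *log_kafka_'; then
    required="$required log_kafka_security_protocol"
  fi

  for key in $required; do
    printf '%s\n' "$body" | grep -Eq "^ +${key}: *[^ #]" ||
      { echo "missing or empty: $key"; rc=1; }
  done
  # Template text such as <password for kafka> left in a value.
  if printf '%s\n' "$body" | grep -Eq ': *<[^>]*>'; then
    echo "unfilled <placeholder> value"; rc=1
  fi
  # Whitespace inside a key name, e.g. "log_kafka_ user".
  if printf '%s\n' "$body" | grep -Eq '^ +[^:# ]+ +[^:]*:'; then
    echo "whitespace in key name"; rc=1
  fi
  return $rc
}

# Constructed sample manifest, not from a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
kind: Secret
stringData:
  truststore_password: <password for TrustStore>
  log_kafka_ user: logwriter
EOF
check_sip_secret "$sample" || echo "fix the findings before running oc create"
rm -f "$sample"
```

The check reads the file only and never prints secret values, so its output is safe to keep in installation logs.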