Creating IBM RPA secrets

The IBM RPA operator connects to external services and uses OpenShift secrets to manage the credentials to these services.

Before you deploy your IBM RPA instance, you must create the following secrets:

  • Database connection secret
    Create a secret that contains the connection string to the database.

  • SMTP secret
    Create a secret that contains a username and password for the SMTP server.

  • First tenant owner secret
    Create a secret that contains the name and email of the first tenant owner.

  • Optional: Redis password secret
    Create a password secret for Redis before you install the IBM RPA operator. If you skip this step, the operator generates default credentials, but you get a warning message to change the Redis password.

Creating a database secret

Use the following command to create the secret:

oc create secret generic <NAME> -n <NAMESPACE> --from-literal=AddressContext='<ADDRESS_CONTEXT_CONNECTION_STRING>' --from-literal=AutomationContext='<AUTOMATION_CONTEXT_CONNECTION_STRING>' --from-literal=KnowledgeBase='<KNOWLEDGEBASE_CONTEXT_CONNECTION_STRING>' --from-literal=WordnetContext='<WORDNET_CONTEXT_CONNECTION_STRING>' --from-literal=AuditContext='<AUDIT_CONTEXT_CONNECTION_STRING>'

Replacing the following values:

  • NAME
    The name of your secret. It must match the name that you specify in the externalConnection section of the CR.

  • NAMESPACE
    The namespace that you want the secret to be created in. It can be the same namespace that you create your IBM RPA instance in.

  • ADDRESS_CONTEXT_CONNECTION_STRING
    The connection string to the address database.

  • AUTOMATION_CONTEXT_CONNECTION_STRING
    The connection string to the automation database.

  • KNOWLEDGEBASE_CONTEXT_CONNECTION_STRING
    The connection string to the knowledgebase database.

  • WORDNET_CONTEXT_CONNECTION_STRING
    The connection string to the wordnet database.

  • AUDIT_CONTEXT_CONNECTION_STRING
    The connection string to the audit database.

These connection strings must correspond to the Microsoft SQL Server databases you created as described in the Create the connection strings topic.

Example of connection string:

Data Source=dbserver.example.com\SQLEXPRESS,1433;Initial Catalog=automation;User ID=dbuser;Password=dbpass;Connect Timeout=30;Encrypt=False;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False

Creating an SMTP secret

Use the following command to create the secret:

oc create secret generic <NAME> -n <NAMESPACE> --from-literal=username=<USERNAME> --from-literal=password=<PASSWORD>

Replace the following values:

  • NAME
    The name of your secret. It must match the name that you specify in the userSecret property in the smtp section of the CR.

  • NAMESPACE
    The namespace that you want the secret to be created in. It needs to be the same namespace that you create your IBM RPA instance in.

  • USERNAME
    The username for the SMTP server.

  • PASSWORD
    The password for the SMTP server.

Creating the first tenant owner secret

Use the following command to create the secret:

oc create secret generic <NAME> -n <NAMESPACE> --from-literal=name=<USERNAME> --from-literal=email=<EMAIL>

Replace the following values:

  • NAME
    The name of your secret. It must match the name that you specify in the ownerSecret property in the firstTenant section of the CR.

  • NAMESPACE
    The namespace that you want the secret to be created in. It must be the same namespace that you create your RPA instance in.

  • USERNAME
    The username of the tenant admin.

  • EMAIL
    The email address of the tenant admin user.

Creating a Redis password secret

  1. Create a YAML secret locally with a specified password:

    apiVersion: v1
    kind: Secret
    metadata:
      name: <RPA-INSTANCE-NAME>-redis-rpa
      namespace: <NAMESPACE>
      labels:
        app.kubernetes.io/component: rpa
        app.kubernetes.io/instance: <RPA-INSTANCE-NAME>
        app.kubernetes.io/managed-by: ibm-rpa-operator
        app.kubernetes.io/name: redis
        rpa.automation.ibm.com/cr-name: <RPA-INSTANCE-NAME>
    data:
      default_password: <PASSWORD>
    type: Opaque 
    

    Replace the following values:

    • RPA-INSTANCE-NAME
      The name of your IBM RPA instance, which is specified in the name property of your IBM RPA custom resource.

    • NAMESPACE
      The namespace that you want the secret to be created in. It needs to be the same namespace that you create your IBM RPA instance in.

    • PASSWORD
      The base64-encoded password for Redis. In versions prior to 23.0.12, this field is ADMIN_PASSWORD instead of default_password.

  2. Apply the file:

    oc apply -f <FILENAME>.yaml
    

    Replace FILENAME with the path to the YAML file.

Important:
  • Starting from version 23.0.12, you can now change the password after installing the operator.
  • If you don't create a password secret, the operator generates a default password and you get warning messages advising you to change the password.
  • To remove the warning message and change the password, you can change the default_password field in the Redis password secret. In versions prior to 23.0.12, you must create a new Redis password secret and reinstall the IBM RPA operator.

What to do next

You can now create your custom resource to deploy your IBM RPA instance. For more information, see Configuring custom resources.