Creating IBM RPA secrets
The IBM RPA operator connects to external services and uses OpenShift secrets to manage the credentials to these services.
Before you deploy your IBM RPA instance, you must create the following secrets:
-
Database connection secret
Create a secret that contains the connection string to the database. -
SMTP secret
Create a secret that contains a username and password for the SMTP server. -
First tenant owner secret
Create a secret that contains the name and email of the first tenant owner. -
Optional: Redis password secret
Create a password secret for Redis before you install the IBM RPA operator. If you skip this step, the operator generates default credentials, but you get a warning message to change the Redis password.
Creating a database secret
Use the following command to create the secret:
oc create secret generic <NAME> -n <NAMESPACE> --from-literal=AddressContext='<ADDRESS_CONTEXT_CONNECTION_STRING>' --from-literal=AutomationContext='<AUTOMATION_CONTEXT_CONNECTION_STRING>' --from-literal=KnowledgeBase='<KNOWLEDGEBASE_CONTEXT_CONNECTION_STRING>' --from-literal=WordnetContext='<WORDNET_CONTEXT_CONNECTION_STRING>' --from-literal=AuditContext='<AUDIT_CONTEXT_CONNECTION_STRING>'
Replacing the following values:
-
NAME
The name of your secret. It must match the name that you specify in theexternalConnection
section of the CR. -
NAMESPACE
The namespace that you want the secret to be created in. It can be the same namespace that you create your IBM RPA instance in. -
ADDRESS_CONTEXT_CONNECTION_STRING
The connection string to the address database. -
AUTOMATION_CONTEXT_CONNECTION_STRING
The connection string to the automation database. -
KNOWLEDGEBASE_CONTEXT_CONNECTION_STRING
The connection string to the knowledgebase database. -
WORDNET_CONTEXT_CONNECTION_STRING
The connection string to the wordnet database. -
AUDIT_CONTEXT_CONNECTION_STRING
The connection string to the audit database.
These connection strings must correspond to the Microsoft SQL Server databases you created as described in the Create the connection strings topic.
Example of connection string:
Data Source=dbserver.example.com\SQLEXPRESS,1433;Initial Catalog=automation;User ID=dbuser;Password=dbpass;Connect Timeout=30;Encrypt=False;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False
Creating an SMTP secret
Use the following command to create the secret:
oc create secret generic <NAME> -n <NAMESPACE> --from-literal=username=<USERNAME> --from-literal=password=<PASSWORD>
Replace the following values:
-
NAME
The name of your secret. It must match the name that you specify in theuserSecret
property in thesmtp
section of the CR. -
NAMESPACE
The namespace that you want the secret to be created in. It needs to be the same namespace that you create your IBM RPA instance in. -
USERNAME
The username for the SMTP server. -
PASSWORD
The password for the SMTP server.
Creating the first tenant owner secret
Use the following command to create the secret:
oc create secret generic <NAME> -n <NAMESPACE> --from-literal=name=<USERNAME> --from-literal=email=<EMAIL>
Replace the following values:
-
NAME
The name of your secret. It must match the name that you specify in theownerSecret
property in thefirstTenant
section of the CR. -
NAMESPACE
The namespace that you want the secret to be created in. It must be the same namespace that you create your RPA instance in. -
USERNAME
The username of the tenant admin. -
EMAIL
The email address of the tenant admin user.
Creating a Redis password secret
-
Create a YAML secret locally with a specified password:
apiVersion: v1 kind: Secret metadata: name: <RPA-INSTANCE-NAME>-redis-rpa namespace: <NAMESPACE> labels: app.kubernetes.io/component: rpa app.kubernetes.io/instance: <RPA-INSTANCE-NAME> app.kubernetes.io/managed-by: ibm-rpa-operator app.kubernetes.io/name: redis rpa.automation.ibm.com/cr-name: <RPA-INSTANCE-NAME> data: default_password: <PASSWORD> type: Opaque
Replace the following values:
-
RPA-INSTANCE-NAME
The name of your IBM RPA instance, which is specified in thename
property of your IBM RPA custom resource. -
NAMESPACE
The namespace that you want the secret to be created in. It needs to be the same namespace that you create your IBM RPA instance in. -
PASSWORD
The base64-encoded password for Redis. In versions prior to 23.0.12, this field isADMIN_PASSWORD
instead ofdefault_password
.
-
-
Apply the file:
oc apply -f <FILENAME>.yaml
Replace
FILENAME
with the path to the YAML file.
- Starting from version 23.0.12, you can now change the password after installing the operator.
- If you don't create a password secret, the operator generates a default password and you get warning messages advising you to change the password.
- To remove the warning message and change the password, you can change the
default_password
field in the Redis password secret. In versions prior to 23.0.12, you must create a new Redis password secret and reinstall the IBM RPA operator.
What to do next
You can now create your custom resource to deploy your IBM RPA instance. For more information, see Configuring custom resources.