Disabling the internal vault for the IBM Software Hub web client

An instance administrator can optionally disable the IBM® Software Hub internal vault for the IBM Software Hub web client.

Permissions you need for this task
You must be a Red Hat® OpenShift® Container Platform project or cluster administrator.
When you need to complete this task
You can complete this task anytime after IBM Software Hub is installed.

About this task

If you plan to use vaults to store sensitive data, it is strongly recommended that you use an enterprise-grade vault solution, such as CyberArk or HashiCorp.

You can optionally disable the internal vault to ensure that users use secrets from your existing vault.

You can disable the internal vault, for example, if you want to restrict the use of vault to an organization's approved vault vendors only.

Important: When you disable the internal vault, all of the secrets that are stored in the vault are also deleted.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform cluster as a user with sufficient permissions to complete the task: 
    ${OC_LOGIN}
  2. Run the following command to edit the IBM Software Hub product-configmap file: 
    oc patch cm product-configmap \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
--type=merge \
--patch '{"data": {"VAULT_DISABLE_INTERNAL_VAULT": "true"}}'
  3. Restart the zen-watcher pods. 
    oc delete pods \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
-l component=zen-watcher