Disabling the internal vault for the IBM Software Hub web client

An instance administrator can optionally disable the IBM® Software Hub internal vault for the IBM Software Hub web client.

Permissions you need for this task
You must be a Red Hat® OpenShift® Container Platform project or cluster administrator.
When you need to complete this task
You can complete this task anytime after IBM Software Hub is installed.

About this task

Data stored in the internal vault is encrypted and secure for production use. The internal vault provides essential secrets management capabilities suitable for many deployment scenarios. However, if you have an external vault, such as HashiCorp Vault or CyberArk, you can optionally disable the internal vault to ensure that users use secrets from your existing vault or from a vault approved by your organization.

Important: When you disable the internal vault, all of the secrets that are stored in the vault are also deleted.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform cluster as a user with sufficient permissions to complete the task: 
    ${OC_LOGIN}
  2. Run the following command to edit the IBM Software Hub product-configmap file: 
    oc patch cm product-configmap \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
--type=merge \
--patch '{"data": {"VAULT_DISABLE_INTERNAL_VAULT": "true"}}'
  3. Restart the zen-watcher pods. 
    oc delete pods \
--namespace=${PROJECT_CPD_INST_OPERANDS} \
-l component=zen-watcher