Adding Secrets
The application uses password credentials to connect to various external components. You must create a Kubernetes Secret for each set of password credentials and provide the Secret names in the respective configuration fields in the values.yaml file.
You can create Secrets for the following password credentials used by the application:
| Secret StringData | Description | Mandatory? |
|---|---|---|
| passphrase.txt | | Y |
| PROXY_PASSWORD | Provide your network's forward proxy's password. If the proxy does not require authentication, leave the field blank. | N |
| DB_PASSWORD | Specify the database password to connect to the master database schema. Note: The database password is case-sensitive, so ensure that you enter it in the correct case. | Y |
| DB_SSLTRUSTSTORE_PASSWORD | Specify the SSL keystore password for the master database schema. | N |
| TESTMODE_DB_PASSWORD | | Y |
| TESTDB_SSLTRUSTSTORE_PASSWORD | | N |
| PEM_SERVERS_KEYSTORE_PASSWORD | Specify the PEM server's keystore password. | Y |
| PR_SERVERS_KEYSTORE_PASSWORD | Specify the PR server's keystore password. | Y |
| PP_SERVERS_KEYSTORE_PASSWORD | Specify the PP server's keystore password. | Y |
| GATEWAY_SERVERS_KEYSTORE_PASSWORD | | Y |
| GATEWAY_TRUSTSTORE_PASSWORD | Specify the API Gateway server's truststore password. | Y |
| WMQ_SERVERS_PASSWORD | | Y |
| SSO_KEYSTOREPASSWORD | | N |
| SSO_TRUSTSTOREPASSWORD | | N |
| PURGE_TARGET_DB_PASSWORD | | N |
| PURGE_TARGET_DB_TRUSTSTORE_PASSWORD | | N |
| passphraseOld.txt | | N |
| passphraseNew.txt | | N |
Secrets for PCM pods:
Note: The same set of Secrets should be created for both PCM NonProd and PCM Prod pods.
| Secret StringData | Description |
|---|---|
| DB_PASS | |
| APPLICATION_PASSPHRASE | |
| SERVER_KEYSTORE_PASSWORD | |
| DB_TRUSTSTORE_PASSWORD | |
| SMTP_PASSWORD | |
| API_PASSWORD | |
| STERLING_SYSTEM_PASSPHRASE | |
| STERLING_B2BAPI_PASSWORD | |
| STERLING_SFGAPI_PASSWORD | |
| SSP_PASSWORD | |
| SAML_KEY_PASSWORD | |
| SAML_KEYSTORE_PASSWORD | |
| PEM_DB_PASSWORD | |
| PEM_API_PASSWORD | |
| PGP_PASSPHRASE | |
| SEAS_TRUSTSTORE_PASSWORD | |
| SEAS_KEYSTORE_PASSWORD | |
To create Secrets using the command line, follow the steps below:
- Create a template file with the Secret definition. For example, create a Secret for the system passphrase as shown below:

  ```yaml
  apiVersion: v1
  kind: Secret
  metadata:
    name: ibm-pem-secret
  type: Opaque
  stringData:
    passphrase.txt: password
  ```

  Note:
  - For reference, a sample of the secret template definition for all application secrets is available here - (untar the downloaded archive)/ibm_cloud_pak/pak_extensions/pre-install/secret/app-secrets.yaml
  - While using the sample application Secret template, you can modify the secret names as required, but the keywords used in the stringData section must be as defined in the sample template. For example: in the case of the Secret for the system passphrase mentioned above, the stringData keyword must be passphrase.txt.
- Run the following Kubernetes command to create the Secret:

  ```
  kubectl apply -f [template file]
  ```
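
The two steps above as a script, as an added example that is not IBM's code: it renders the Secret template for one keyword, quotes the value so that YAML special characters in a password are preserved, rejects keywords that are not in the application table, and creates the file with owner-only permissions. The function names are hypothetical, and the keyword list is copied from the application table on this page.

```shell
#!/bin/sh
# Added example, not IBM's tooling. Function names are hypothetical.
# stringData keywords copied from the application table on this page.
APP_KEYS="passphrase.txt PROXY_PASSWORD DB_PASSWORD DB_SSLTRUSTSTORE_PASSWORD
TESTMODE_DB_PASSWORD TESTDB_SSLTRUSTSTORE_PASSWORD PEM_SERVERS_KEYSTORE_PASSWORD
PR_SERVERS_KEYSTORE_PASSWORD PP_SERVERS_KEYSTORE_PASSWORD
GATEWAY_SERVERS_KEYSTORE_PASSWORD GATEWAY_TRUSTSTORE_PASSWORD
WMQ_SERVERS_PASSWORD SSO_KEYSTOREPASSWORD SSO_TRUSTSTOREPASSWORD
PURGE_TARGET_DB_PASSWORD PURGE_TARGET_DB_TRUSTSTORE_PASSWORD
passphraseOld.txt passphraseNew.txt"

# is_app_key KEY: succeed only if KEY is one of the documented keywords.
is_app_key() {
  for k in $APP_KEYS; do
    if [ "$k" = "$1" ]; then return 0; fi
  done
  return 1
}

# yaml_quote VALUE: print VALUE as a YAML single-quoted scalar, so that
# characters such as ':' or '#' in a password are kept literally.
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# render_secret NAME KEY VALUE: print the manifest; fail on an unknown KEY.
render_secret() {
  is_app_key "$2" || { echo "unknown stringData keyword: $2" >&2; return 1; }
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$1"
  printf 'type: Opaque\nstringData:\n  %s: %s\n' "$2" "$(yaml_quote "$3")"
}

# write_template FILE NAME KEY VALUE: recreate FILE with owner-only
# permissions; FILE is left untouched if KEY is rejected.
write_template() (
  umask 077
  out=$(render_secret "$2" "$3" "$4") || exit 1
  rm -f -- "$1"
  printf '%s\n' "$out" > "$1"
)

# Stand-alone use: sh make-secret.sh FILE NAME KEY, with the value on stdin
# (keeps it out of the process list). Then kubectl apply -f FILE, delete FILE.
if [ "$#" -eq 3 ]; then IFS= read -r v; write_template "$1" "$2" "$3" "$v"; fi
```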