Create OpenShift secrets to store credentials and security artifacts required for
deploying PEM 2.0 and the Identity Service on Red Hat OpenShift.
About this task
PEM 2.0 deployments on OpenShift require secrets to be created for both the Identity
Service and the PEM application before deployment.
These secrets store sensitive information such as database credentials, keystores,
truststores, certificates, and passphrases. The Identity Service must be able to access its
secrets before PEM is deployed, because PEM depends on the Identity Service for
authentication and authorization.
Procedure
-
Create secrets required for the Identity Service and PEM
Create secrets for the Identity Service first, followed by secrets for the PEM
application.
Create secrets for the Identity Service that contain the following:
- Database credentials for the Identity Service
- Identity Service server keystore file
- Keystore password for the Identity Service
- Truststore file, if required
Create secrets for the PEM application that contain the following:
- Passphrase file (passphrase.txt)
- PEM keystore file
- PEM database credentials
- Keystore passwords
You can use the sample configuration files provided under
pak_extensions/pre-install/secret as a reference.
-
Apply the secrets configuration file
Apply the secrets configuration file to create the required OpenShift secrets in the
target namespace. Pass the namespace explicitly unless it is already your current project,
so the secrets land where the Identity Service and PEM pods will run.
oc apply -f app-secrets.yaml -n <namespace>
-
Create an image pull secret
Create an image pull secret to allow OpenShift to pull PEM and Identity Service images
from a private container registry.
oc create secret docker-registry <secret-name> \
--docker-server=<registry-server> \
--docker-username=<username> \
--docker-password=<password> \
--docker-email=<email>
Pods can only use this secret if it is referenced in their imagePullSecrets or linked to
the service account that runs them. Passing the registry password on the command line also
leaves it in the shell history; an alternative is to create the secret from an existing
Docker config file instead:
oc create secret generic <secret-name> --from-file=.dockerconfigjson=<path to config.json> --type=kubernetes.io/dockerconfigjson
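As an added example, not taken from the PEM documentation or from the sample files under pak_extensions/pre-install/secret, the following POSIX shell script builds the app-secrets.yaml that the apply step consumes and the image pull secret manifest from the last step, without needing a cluster. The secret names (idp-db-credentials, pem-keystore and so on), the data keys and the input file names are assumptions chosen for illustration; take the real ones from the product's sample files. Values are written to .data as base64 so that binary keystores survive intact, and secret_value decodes a value back out so you can confirm the round trip before applying.

```shell
#!/bin/sh
# Added example, not part of the PEM documentation. Secret names, data keys and
# input file names are assumptions; the real ones come from pak_extensions/pre-install/secret.
set -eu

# b64_file FILE: base64-encode a file on a single line (GNU base64 wraps at 76 columns).
b64_file() {
  base64 < "$1" | tr -d '\n'
}

# secret_manifest NAME NAMESPACE KEY=FILE [KEY=FILE ...]
# Emit one Opaque Secret. Values go into .data (base64), which keeps keystores
# byte-exact; .stringData would only be safe for plain text values.
secret_manifest() {
  local name="$1" ns="$2"; shift 2
  local kv key file
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\ndata:\n' "$name" "$ns"
  for kv in "$@"; do
    key="${kv%%=*}"; file="${kv#*=}"
    if [ ! -r "$file" ]; then
      echo "error: cannot read $file for key $key of secret $name" >&2
      return 1
    fi
    printf '  %s: %s\n' "$key" "$(b64_file "$file")"
  done
}

# pull_secret_manifest NAME NAMESPACE SERVER USER PASSWORD EMAIL
# What "oc create secret docker-registry" produces: a kubernetes.io/dockerconfigjson
# Secret whose .dockerconfigjson holds the registry login; "auth" is base64("user:password").
# Credentials containing quotes or backslashes would need JSON escaping first.
pull_secret_manifest() {
  local name="$1" ns="$2" server="$3" user="$4" pass="$5" email="$6" auth json
  auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
  json=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$server" "$user" "$pass" "$email" "$auth")
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: kubernetes.io/dockerconfigjson\ndata:\n  .dockerconfigjson: %s\n' \
    "$name" "$ns" "$(printf '%s' "$json" | base64 | tr -d '\n')"
}

# write_app_secrets INPUT_DIR OUT_FILE NAMESPACE
# Identity Service secrets first, then PEM secrets, in one multi-document file.
# The truststore secret is only emitted if an input file for it exists (it is optional).
write_app_secrets() {
  local dir="$1" out="$2" ns="$3"
  {
    secret_manifest idp-db-credentials "$ns" username="$dir/idp-db-user.txt" password="$dir/idp-db-pass.txt"
    echo '---'
    secret_manifest idp-keystore "$ns" keystore.jks="$dir/idp-keystore.jks"
    echo '---'
    secret_manifest idp-keystore-password "$ns" password="$dir/idp-keystore-pass.txt"
    echo '---'
    if [ -r "$dir/idp-truststore.jks" ]; then
      secret_manifest idp-truststore "$ns" truststore.jks="$dir/idp-truststore.jks"
      echo '---'
    fi
    secret_manifest pem-passphrase "$ns" passphrase.txt="$dir/passphrase.txt"
    echo '---'
    secret_manifest pem-keystore "$ns" keystore.jks="$dir/pem-keystore.jks"
    echo '---'
    secret_manifest pem-db-credentials "$ns" username="$dir/pem-db-user.txt" password="$dir/pem-db-pass.txt"
    echo '---'
    secret_manifest pem-keystore-password "$ns" password="$dir/pem-keystore-pass.txt"
  } > "$out"
  chmod 600 "$out"   # base64 is encoding, not encryption: the file holds every secret in clear
}

# secret_value MANIFEST SECRET_NAME KEY: decode one value back out of a generated file,
# e.g. to check that a keystore survived the round trip byte for byte.
secret_value() {
  awk -v n="$2" -v k="$3" '
    /^---/ { cur = "" }
    $1 == "name:" { cur = $2 }
    cur == n && $1 == (k ":") { print $2 }
  ' "$1" | base64 -d
}

# Usage (assumed layout):
#   write_app_secrets ./secret-input ./app-secrets.yaml <namespace>
#   secret_value ./app-secrets.yaml pem-keystore keystore.jks | cmp - ./secret-input/pem-keystore.jks
#   oc apply -f ./app-secrets.yaml
#   pull_secret_manifest <secret-name> <namespace> <registry-server> <username> <password> <email> | oc apply -f -
```

Generate the file, verify one or two values with secret_value, apply it, then delete the generated YAML: it is as sensitive as the keystores and passwords it contains and must not be committed or left in a shared build directory.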