Adding Secrets

Various password credentials are used by the system to connect to various external components. You must create Kubernetes Secrets for each set of password credentials and provide the secret names in the respective configuration fields in values.yaml file.

You can create Secrets either using the command line or the Platform Catalog UI using the Secret kind template.
You can create Secrets for the following password credentials used by the application:
  1. System Passphrase
  2. Database credentials which include - User Name - Password
    If SSL connection is enabled for database - Truststore Password - Keystore Password
  3. JMS MQ server credentials - User Name - Password
    If SSL connection is enabled for database - Truststore Password - Keystore Password
  4. Liberty API server, If SSL/HTTPs is enabled - Keystore Password

To create Secrets using the command line, follow the steps below:

  1. Create a template file with the Secret definition.
    For example: Create a Secret for the system passphrase as shown below:
    
apiVersion: v1
kind: Secret
metadata:
  name: b2b-system-passphrase-secret
type: Opaque
stringData:  
  SYSTEM_PASSPHRASE: {{passphrase}}
  2. Run the following Kubernetes command to create the Secret. 
    
Kubectl apply - f [template file]
    Note:
    • For reference, a sample of the secret template definition for all application secrets is available here - (untar the downloaded archive)/ibm_cloud_pak/pak_extensions/pre-install/secret/app-secrets.yaml.
    • While using the sample application Secret template, you can modify the secret names as required but the keywords used in the stringData section must be as defined in the sample template. For example: In case of the Secret for the system passphrase mentioned above, the stringData keyword must be SYSTEM_PASSPHRASE.

    Alternatively, you can also create Secrets using the Platform Catalog UI by copying and pasting the snippets from the sample application Secrets template.

    After Secrets are created, you need to specify the Secret names against the respective configuration fields in the values.yaml file or Platform Catalog UI under the setup.cfg section as:
    • systemPassphraseSecret
    • dbSecret
    • jmsSecret
    • libertySecret

After successful installation of the Helm charts, the system derives all the required password credentials from the created Kubernetes Secrets.