When a user creates a connection, they can provide their credentials by entering them directly or by specifying a secret. A Red Hat® OpenShift® administrator can configure Cloud Pak for Data to enforce the exclusive use of secrets from an external vault (such as CyberArk or HashiCorp).
- Permissions that you need for this task
- You must have the following permissions to restrict user access to connections with external vault secrets.
- Administrator of the Red Hat OpenShift project (namespace) where Cloud Pak for Data is installed.
- When you need to complete this task
- You can complete this task anytime after Cloud Pak for Data is installed.
About this task
A Red Hat OpenShift project (namespace) administrator can edit the config-wdp-connect-connection configuration map to set allow-only-vaulted-credentials to true.
Procedure
- Log in to your Red Hat OpenShift cluster as a project administrator.
oc login OpenShift_URL:port
- Change to the project where Cloud Pak for Data is installed.
- Run the following command to edit the Cloud Pak for Data config-wdp-connect-connection file.
oc edit configmap config-wdp-connect-connection
- Change the allow-only-vaulted-credentials parameter value to true (the default value is false).
allow-only-vaulted-credentials:true
- Save your changes and exit. For example, if you are using vi, press Esc and enter :wq.
- Delete the relevant pods:
oc delete pods -l app=wdp-connect-connection
oc delete pods -l app=wdp-connect-connector
- Verify that the pods return and are running:
oc get pods -l app=wdp-connect-connection
oc get pods -l app=wdp-connect-connector
Results
Cloud Pak for Data is configured for the exclusive use of external vault secrets for connections.
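
To confirm that the setting is in place (for example in a periodic audit), the following added example, which is not part of the original procedure or of IBM's tooling, reads the text of the configuration map and reports the effective value of allow-only-vaulted-credentials. The function names and sample text are constructed, and it assumes the setting sits on one line as the key, a ":" or "=" separator, and the value.

```shell
#!/bin/sh
# Added example: audit the allow-only-vaulted-credentials setting.
# Assumption: the setting is on its own line as key, ':' or '=', value;
# the page does not show the layout inside the configuration map.

# Reads configuration map text on stdin and prints true, false (or whatever
# value is set), or "unset" when the key is absent. Last occurrence wins.
vault_only_state() {
    awk -v q="'" '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*allow-only-vaulted-credentials[ \t]*[:=]/ {
            v = $0
            sub(/^[^:=]*[:=][ \t]*/, "", v)          # drop key and separator
            gsub("[\"" q " \t\r]", "", v)            # drop quotes and blanks
            state = tolower(v)
        }
        END { if (state == "") state = "unset"; print state }
    '
}

# Succeeds only when the setting is explicitly true; a missing key counts
# as not enforced because the default value is false.
vault_only_enforced() {
    [ "$(vault_only_state)" = "true" ]
}

# Live check; needs an oc session in the Cloud Pak for Data project.
# Not called here so that the example runs offline.
audit_cluster() {
    oc get configmap config-wdp-connect-connection -o yaml | vault_only_enforced
}

# Constructed sample inputs (not captured from a real cluster).
SAMPLE_DEFAULT='data:
  allow-only-vaulted-credentials:false'
SAMPLE_ENFORCED='data:
  allow-only-vaulted-credentials:true'

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_ENFORCED"; do
    printf '%s\n' "$sample" | vault_only_state
done
```

Call audit_cluster after the pods are running again; a non-zero exit status means direct credential entry is still allowed.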