Containers:
V20.x: A secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Before you install IBM® Business Automation Workflow, you must create secrets manually for LDAP, IBM Business Automation Workflow, User Management Service, FileNet® Content Manager, IBM Business Automation Navigator, IBM Business Automation Application Engine (V20.0.0.2), and Resource Registry.
About this task
All values under data in each secret must be Base64 encoded. To get a Base64-encoded string, run the following command:
echo -n "<sample_string>" | base64
The output is the Base64-encoded result.
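The encoding rule above fails quietly in two ways: echo without -n encodes a trailing newline into the value, and GNU base64 wraps output longer than 76 characters, which breaks the YAML. The following is an added example, not part of IBM's documentation: it writes the ldap-bind-secret manifest used in the procedure and checks every value under data before oc apply is run. The function names b64, write_ldap_secret and check_secret_data are hypothetical, and GNU coreutils base64 is assumed.

```shell
#!/bin/sh
# Added example, not IBM's code. Assumes GNU coreutils base64 (supports -d).

# Encode one value: printf avoids the trailing newline that plain echo adds,
# and tr removes the line wrapping GNU base64 inserts after 76 characters.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Write the LDAP secret from the page. Args: bind DN, password, output file.
write_ldap_secret() {
  ( umask 077  # Base64 is reversible, so keep the manifest owner-only
    cat > "$3" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ldap-bind-secret
type: Opaque
data:
  ldapUsername: $(b64 "$1")
  ldapPassword: $(b64 "$2")
EOF
  )
}

# Return 0 only if every value under data: is non-empty, decodes as Base64,
# and does not decode to something ending in a newline. Bad keys go to stderr.
check_secret_data() {
  in_data=0; rc=0
  while IFS= read -r line; do
    case "$line" in
      data:*) in_data=1; continue ;;
      " "*) ;;                    # indented line: still inside current block
      *) in_data=0 ;;             # any other top-level key ends data:
    esac
    [ "$in_data" -eq 1 ] || continue
    key=$(printf '%s' "${line%%:*}" | tr -d ' ')
    val=$(printf '%s' "${line#*:}" | tr -d ' ')
    if [ -z "$val" ] || ! printf '%s' "$val" | base64 -d >/dev/null 2>&1; then
      echo "$key: empty or not valid Base64" >&2; rc=1
    elif [ "$(printf '%s' "$val" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')" = "0a" ]; then
      echo "$key: decoded value ends with a newline" >&2; rc=1
    fi
  done < "$1"
  return "$rc"
}
```

The check also catches placeholders such as <LDAP_PASSWORD> left unreplaced, because < and > are not Base64 characters. An unencoded value that happens to consist only of Base64 characters still passes, so review the decoded values where that matters.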
Procedure
- An LDAP server is required before you install IBM Business Automation Workflow. Create required secrets for LDAP.
  - Save the following content in a YAML file named, for example, ldap-bind-secret.yaml.
    LDAP secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ldap-bind-secret
    type: Opaque
    data:
      ldapUsername: <LDAP_BIND_DN>
      ldapPassword: <LDAP_PASSWORD>

    where:
    - ldapUsername corresponds to the bindDN property of your LDAP server, Base64-encoded
    - ldapPassword corresponds to the bindPassword property of your LDAP server, Base64-encoded
  - On the OpenShift master node, run the following command for the YAML file:
    oc apply -f YAML_file_name
  - In your custom resource file:
    - Specify the hostname of your LDAP server as the ldap_configuration.lc_ldap_server property.
    - Specify the secret name that you created above as the ldap_configuration.lc_bind_secret property.
- Create required secrets for IBM Business Automation Workflow.
  - Save the following content in a separate YAML file for each secret. All values under data in the secret must be Base64 encoded.
    Business Automation Workflow Server database secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ibm-baw-wfs-server-db-secret
    type: Opaque
    data:
      dbUser: <DB_USER>
      password: <DB_USER_PASSWORD>

    where dbUser and password are the database user name and password. Ensure all values under data are Base64 encoded.

    IBM Process Federation Server secret:
    This secret is required for 20.0.2 or earlier versions. Use the following content.
    Note: V20.0.0.2: This secret is optional. If you set the Process Federation Server admin secret name in pfs_configuration.admin_secret_name, the operator creates it automatically. However, if you want to create the secret manually, use the following content.

    apiVersion: v1
    kind: Secret
    metadata:
      name: ibm-pfs-admin-secret
    type: Opaque
    data:
      ltpaPassword: <LTPA_PASSWORD>
      oidcClientPassword: <OIDC_CLIENT_PASSWORD>
      sslKeyPassword: <SSL_KEY_PASSWORD>

    - ltpaPassword is used to set the LTPA password
    - oidcClientPassword is registered at UMS as the OIDC client password
    - sslKeyPassword is used as the keystore and truststore password
    - All values under data are Base64-encoded.

    Optional: Workflow server admin secret. This secret is used to integrate with other servers, such as UMS. You must set the Workflow Server admin secret name in baw_configuration[x].admin_secret_name and the operator creates it automatically. However, if you want to create the secret manually, use the following content:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ibm-baw-admin-secret
    type: Opaque
    data:
      sslKeyPassword: <SSL_KEY_PASSWORD>
      oidcClientPassword: <OIDC_CLIENT_PASSWORD>

    where:
    - sslKeyPassword is used as the keystore and truststore password
    - oidcClientPassword is used as the OIDC client password
    - All values under data are Base64-encoded.
  - On the OpenShift master node, run the following command for each YAML file:
    oc apply -f YAML_file_name
- Create required secrets for User Management Service (UMS) by following the step to prepare your security environment in Configuring User Management Service.
  - As an example of a UMS secret, you would save the following content in a YAML file.
    User Management Service secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ibm-dba-ums-secret
    type: Opaque
    data:
      adminUser: <UMS_USER>
      adminPassword: <UMS_PASSWORD>
      oauthDBUser: <UMS_DB_USER>
      oauthDBPassword: <UMS_DB_PASSWORD>
      tsDBUser: <UMS_DB_USER>
      tsDBPassword: <UMS_DB_PASSWORD>

    where:
    - adminUser is the UMS admin user
    - oauthDBUser is the UMS database user
    - tsDBUser is the UMS database user
    Ensure all values under data are Base64-encoded.
  - On the OpenShift master node, run the following command for the YAML file:
    oc apply -f YAML_file_name
- Create required secrets for FileNet Content Manager by following step 1 to prepare your security environment in Configuring FileNet Content Manager.
- Create required secrets for IBM Business Automation Navigator by following step 1 to prepare your security environment in Configuring Business Automation Navigator.
- V20.0.0.2: Create required secrets for Application Engine by following the instructions in Creating secrets to protect sensitive configuration data. These instructions also include creating a secret for Resource Registry.