Bootstrapping System Credentials
Usage Engine Private Edition uses a number of system credentials in order to function as expected. These system credentials are kept in a Kubernetes secret called env-secrets, located in the same namespace in which Usage Engine Private Edition is installed. This secret can be populated in three different ways:

1. Manually creating and populating it prior to installing Usage Engine Private Edition.
2. Providing the credential(s) as helm values at install time, in which case the secret will be automatically created (if it does not already exist) and populated with the corresponding helm value(s). Be aware that storing credentials in a values.yaml file in version control is not secure. If you still need to do this, you should consider using tools like https://github.com/mozilla/sops.
3. Letting it be automatically populated at install time, in which case the secret will be automatically created and populated. Passwords will consist of eight randomly generated characters.
Info: Note that the three options are not mutually exclusive. It is possible to populate some credentials in advance, some through helm values, and let some be automatically generated.
Here follows an explanation of the system credentials used by Usage Engine Private Edition:

| Secret Key | Corresponding Helm Value | Description |
|---|---|---|
| jdbcUser | platform.db.jdbcUser | The user that Usage Engine Private Edition uses when connecting to the system database. |
| jdbcPassword | platform.db.jdbcPassword | The password of the user that Usage Engine Private Edition uses when connecting to the system database. See jdbcUser. If you created the system database manually (see the preparations for System Database), then you need to make sure to use the same password here. |
| mzownerPassword | postgres.mzownerPassword or oracle.mzownerPassword | The password of the user owning the system database schema. If you created the system database manually (see the preparations for System Database), then you need to make sure to use the same password here. |
| postgresqlPassword | postgres.adminPassword | The PostgreSQL database administrator password. Only relevant when using PostgreSQL to store the system database. Required in order to have the system database automatically created when installing Usage Engine Private Edition. If you created the system database manually (see the preparations for System Database), then you do not need to set this at all. |
| oraclePassword | oracle.adminPassword | The Oracle database administrator password. Only relevant when using Oracle to store the system database. Required in order to have the system database automatically created when installing Usage Engine Private Edition. If you created the system database manually (see the preparations for System Database), then you do not need to set this at all. |
| saphanaPassword | saphana.adminPassword | The SAP HANA database administrator password. Only relevant when using SAP HANA to store the system database. Required in order to have the system database automatically created when installing Usage Engine Private Edition. If you created the system database manually (see the preparations for System Database), then you do not need to set this at all. |
| operatorPassword | operator.operatorPassword | The password of the mzk8soperator user. This user is used for internal communication between the Operator and the Platform. |
| tlsKeystorePassword | platform.tls.key.storepassword | Keystore password. Used when installing Usage Engine Private Edition with TLS enabled. You need to make sure that this password matches how the certificate was set up when preparing for TLS. |
| tlsKeyPassword | platform.tls.key.password | Key password. Used when installing Usage Engine Private Edition with TLS enabled. You need to make sure that this password matches how the certificate was set up when preparing for TLS. |
This is an example of how to create and populate the secret with some credentials:

```shell
kubectl create secret generic env-secrets -n uepe \
  --from-literal=postgresqlPassword=<your chosen postgresql admin password> \
  --from-literal=mzownerPassword=<your chosen mzowner password>
```
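An added example, not part of the original page or the vendor's tooling: one way to use the first option (creating the secret before install) with 32-character random passwords instead of the eight-character auto-generated ones, piping a manifest to kubectl so the values stay out of argv and shell history. The function names, PW_LEN and the choice of keys are assumptions; env-secrets, uepe and the key names come from the page.

```shell
#!/bin/sh
# Added example (not vendor code): render the env-secrets manifest with long
# random passwords so the values never appear in argv or shell history.

NAMESPACE="${NAMESPACE:-uepe}"  # namespace used in the page's kubectl examples
PW_LEN="${PW_LEN:-32}"          # assumption: 32 alphanumerics suit your database

# gen_password LEN: print LEN random characters from [A-Za-z0-9].
# 3*LEN random bytes give 4*LEN base64 characters; dropping '+' and '/'
# (and line wraps) still leaves far more than LEN, uniformly distributed.
gen_password() {
    _pw=$(head -c "$(( $1 * 3 ))" /dev/urandom | base64 | LC_ALL=C tr -dc 'A-Za-z0-9')
    printf "%.${1}s" "$_pw"
}

# render_env_secrets KEY...: print a Secret manifest with a fresh password per key.
render_env_secrets() {
    for key in "$@"; do
        # Kubernetes secret keys allow only alphanumerics, '-', '_' and '.';
        # rejecting anything else also keeps the YAML below well-formed.
        case "$key" in
            ''|*[!A-Za-z0-9._-]*) echo "invalid secret key: $key" >&2; return 1 ;;
        esac
    done
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: env-secrets\n'
    printf '  namespace: %s\ntype: Opaque\ndata:\n' "$NAMESPACE"
    for key in "$@"; do
        # .data values are base64; tr removes the line wrap some base64 tools add
        printf '  %s: %s\n' "$key" "$(gen_password "$PW_LEN" | base64 | tr -d '\n')"
    done
}

# Usage (run before installing). Review the key list first: per the page,
# jdbcPassword and mzownerPassword must match the database if you created it manually.
#   render_env_secrets operatorPassword jdbcPassword mzownerPassword | kubectl apply -f -
```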
To inspect the content of the secret, simply execute the following command:

```shell
kubectl get secret/env-secrets -n uepe -o yaml
```
To retrieve a given credential in cleartext, simply execute a command like this (where “jdbcPassword” in the template parameter is the credential you would like to inspect):

```shell
kubectl get secrets/env-secrets -n uepe --template={{.data.jdbcPassword}} | base64 -d
```