Creating Secrets

Samples for Local Edition secrets are available in <extract location>/samples/ folder for different components.

All sensitive information required for Local Edition to work is externalized as Kubernetes secrets. The secrets must be created in the same namespace where Local Edition is deployed and secured using the service account created in Secure Access to Image Registry.

note

When creating secrets using YAMLs, entries must be encoded in base64.

The sensitive information included is not limited to the following:

• Usernames that are needed to contact external services such as a database or log destination.

• Any sensitive information is optionally encrypted using the apim_crypto utility.

• Identity certificates

• Identity keys such as client keys for TLS communication

• API Key

• Platform API Token

• Default password for the admin user on ConfigUI

• Other

See Also

• Encrypting Sensitive Information (Optional)
• Enabling TLS Certs for HTTPS (Optional)
• Other Secrets