Using secret to avoid passwords in plain text
To use a secret to avoid using passwords in plain text, complete the following steps:
Procedure
-
On a Linux virtual machine, run the following command:
echo -n 'unica*03' | base64You will see the following output: "dW5pY2EqMDM="
-
Create a
YAML
file (example unicadbSecret.yaml) and in theYAML
file add the following parameters:apiVersion: v1 kind: Secret metadata: name: unica-db-token type: Opaque data: PLATFORM_DATABASE_PASSWORD: "dW5pY2EqMDM="
-
To use the password in Unica Platform,
update the Platform deployment, and
wherever envFrom exists, add the the following code:
envFrom: - secretRef: name: unica-db-token - configMapRef:
- Either comment or delete the parameter PLATFORM_DATABASE_PASSWORD: unica*03 from the platform-configMap.yaml file.
What to do next
Note:
- The same unicadbSecret.yaml can be used for multiple
Unica product database
passwords. Repeat Step 3 and Step 4 for each products
deployment and their respectiv configmap.yaml file. For
example, in case of Unica Plan,
with PLAN_DATABASE_PASSWORD:
unica*03, add the following lines of
code
apiVersion: v1 kind: Secret metadata: name: unica-db-token type: Opaque data: PLATFORM_DATABASE_PASSWORD: "dW5pY2EqMDM=" PLAN_DATABASE_PASSWORD: "dW5pY2EqMDM="
In this case, update the Plan deployment and configmap.yaml file.
- Limit the secret size to
1 MB
. If the secret size is more than1 MB
, split it into multiple tokens.