B Reference of Secrets Created by the Scripts
The secrets created by the OSM cloud native toolkit scripts follow the naming pattern of <project>-<instance>-<suffix>, where the "suffix" differentiates between the secrets.
The following table lists the secrets, describes their purpose, and provides other details.
| Secret Name | Purpose | Must Have? | Creation | Details |
|---|---|---|---|---|
| <project>-<instance>-database-credentials | Credentials and connection details for OSM DB schemas. | Yes | manage-instance-credentials osmdb | DB Credentials Secret |
| <project>-<instance>-rcudb-credentials | Credentials and connection details for FMW RCU DB schemas. | Yes | manage-instance-credentials rcudb | RCU DB Credentials Secret |
| <project>-<instance>-weblogic-credentials | WebLogic admin credential. | Yes | manage-instance-credentials wlsadmin | WebLogic Credentials Secret |
| <project>-<instance>-runtime-encryption-secret | Password used to secure instance metadata in Kubernetes. | Yes | manage-instance-credentials wlsRTE | WebLogic Runtime Encryption Secret |
| <project>-<instance>-opss-wallet-password-secret | Password used to encrypt the FMW wallet. | Yes | manage-instance-credentials opssWP | FMW Wallet Encryption Secret |
| <project>-<instance>-opss-walletfile-secret | Secure storage of FMW wallet. | No | | FMW Secure Wallet Secret |
| <project>-<instance>-embedded-ldap-credentials | Passwords for OSM's internal users. | Yes | manage-instance-credentials osmldap | OSM Internal User Passwords Secret |
| <project>-<instance>-oidc-credentials | Credentials and connection details for the OIDC IdP in order to secure TMF and Fallout Exception REST APIs. | Yes | manage-instance-credentials oidc | OSM OIDC Credentials Secret |
| <project>-<instance>-fluentd-credentials | Credentials and connection details to the ElasticSearch service. | No | | OSM Fluentd Credentials Secret |
| <project>-<instance>-app-tls-cert | Certificate and key to access OSM TMF REST APIs, Fallout Exception APIs and UX backend APIs. | No | | Certificate and Key to Access the Gateway HTTPS Endpoint |
| <project>-<instance>-osm-tls-cert | Certificate and key to access the OSM HTTPS endpoint. | No | | Certificate and Key to Access the OSM HTTPS Endpoint |
| <project>-<instance>-admin-tls-cert | Certificate and key to access the OSM WebLogic Admin Console HTTPS endpoint. | No | | Certificate and Key to Access the OSM WebLogic Admin Console HTTPS Endpoint |
| <project>-<instance>-t3-tls-cert | Certificate and key to access the OSM t3 over HTTPS endpoint. | No | | Certificate and Key to Access the OSM t3 over HTTPS |
| <project>-<instance>-truststore | Providing OSM with trusted CAs for secure outbound JMS/SAF | No | | Trusted CA Injection |
| <project>-<instance>-keystore | Providing OSM with private keys for secure outbound JMS/SAF or SAML IdP | No | | Secure Identity |
| <project>-<instance>-db-wallet | Secure storage of details to connect to the ADB database. | No | | ADB Wallet Secret |
| <project>-<instance>-db-secret | ADB administrator password. | No | | ADB Admin Secret |
| <project>-<instance>-osmcn-cred-<user> | Credentials for custom users defined by the cartridge; credentials required by the cartridge, accessed from the map named "osm" | No | | Cartridge Defined Custom User Credentials |
| <project>-<instance>-ldap-credentials | Information required for OSM to use an external LDAP for human user credentials | No | | External LDAP Information |
| <project>-<instance>-openldap-credentials | Information required for OSM to use an external OpenLDAP for human user credentials | No | | External OpenLDAP Information |
| <project>-<instance>-saf-<remote-system> | Credentials to establish SAF connectivity to <remote-system> | No | | SAF Credentials |
| <project>-<instance>-global-trust-credentials | Shared password for configuring global trust | No | | Global Trust Credentials |
| <remote-domain-secret> | User credentials for the cross-domain users in remote domain | No | | Cross Domain Users in Remote Domains |
| <project>-<instance>-crossdomain-users | User credentials for the cross-domain users in OSM cloud native | No | | Xtrust Secret |
| <repository-access-secret> | Credentials to access a repository | No | | Generic Credentials |
| <project>-<instance>-<securityScheme> | Secrets for establishing connections to target systems that are defined in the security scheme. | No | | Security Scheme Credentials |
| <project>-<instance>-ssosaml-archive | Secure information for OSM to communicate with SAML IdP. | No | | SAML Archive for IdP |
DB Credentials Secret
Credentials and connection details for OSM DB schemas.
<project>-<instance>-database-credentials
```text
db_connection_string: <db-host-or-ip>:<db-port>/<db-service-name>
db_password: <osmschema-user-password>
db_reports_password: <reportsschema-user-password>
db_reports_user: <reportsschema-user-name>
db_rule_password: <ruleschema-user-password>
db_rule_user: <ruleschema-user-name>
db_service_name: <db-service-name>
db_user: <osmschema-user-name>
dba_password: <dbadmin-password>
dba_user: <dbadmin-user-name>
is_adb: <Y/N> -- Y for yes, N for No.
```

RCU DB Credentials Secret
Credentials and connection details for FMW RCU DB schemas.
<project>-<instance>-rcudb-credentials
```text
is_adb: <Y/N> -- Y for yes, N for No.
rcu_admin_password: <dbadmin-password>
rcu_admin_user: <dbadmin-user-name>
rcu_db_conn_string: <db-host-or-ip>:<db-port>/<db-service-name>
rcu_prefix: <unique-prefix-for-this-instance>
rcu_schema_password: <password-for-all-rcu-schemas>
```

WebLogic Credentials Secret
WebLogic admin credential.
<project>-<instance>-weblogic-credentials
```text
password: <weblogic-admin-password>
username: <weblogic-admin-username>
```

WebLogic Runtime Encryption Secret
Password used to secure instance metadata in Kubernetes.
<project>-<instance>-runtime-encryption-secret
```text
password: <runtime-encryption-password>
```

FMW Wallet Encryption Secret
Password used to encrypt the FMW wallet.
<project>-<instance>-opss-wallet-password-secret
```text
walletPassword: <wallet-encryption-password>
```

FMW Secure Wallet Secret
Secure storage of FMW wallet.
<project>-<instance>-opss-walletfile-secret
```text
walletFile: <encrypted-wallet>
```

OSM Internal User Passwords Secret
Passwords for OSM's internal users.
<project>-<instance>-embedded-ldap-credentials
```text
automation_password: <password for oms-automation user>
gateway_internal_password: <password for gateway internal user>
gateway_internal_user: <username for gateway internal user>
internal_password: <password for oms-internal user>
metrics_password: <password for metrics user>
omsadmin_password: <password for omsadmin user>
sceadmin_password: <password for sceadmin user>
```

OSM OIDC Credentials Secret
Credentials and connection details for the OIDC IdP in order to secure TMF and Fallout Exception REST APIs.
<project>-<instance>-oidc-credentials
```text
app-oidc-audience: <the oidc audience>
app-oidc-base-url: <the oidc base url>
app-oidc-client-id: <the oidc client id>
app-oidc-client-secret: <the oidc client secret>
client-oidc-access-token-url: <the token access url>
client-oidc-scope: <the scope>
```

OSM Fluentd Credentials Secret
Credentials and connection details to the ElasticSearch service.
<project>-<instance>-fluentd-credentials
```text
elasticsearchhost: <host name of the elastic search server>
elasticsearchpassword: <password to access the elastic search service>
elasticsearchport: <port id of the elastic search service>
elasticsearchuser: <user name to access the elastic search service>
```

Certificate and Key to Access the Gateway HTTPS Endpoint
Certificate and key to access OSM TMF REST APIs, Fallout Exception APIs and UX backend APIs.
<project>-<instance>-app-tls-cert
```text
tls.crt: <TLS access certificate>
tls.key: <TLS access key>
```

Certificate and Key to Access the OSM HTTPS Endpoint
Certificate and key to access the OSM HTTPS endpoint.
<project>-<instance>-osm-tls-cert
```text
tls.crt: <TLS access certificate>
tls.key: <TLS access key>
```

Certificate and Key to Access the OSM WebLogic Admin Console HTTPS Endpoint
Certificate and key to access the OSM WebLogic Admin Console HTTPS endpoint.
<project>-<instance>-admin-tls-cert
```text
tls.crt: <TLS access certificate>
tls.key: <TLS access key>
```

Certificate and Key to Access the OSM t3 over HTTPS
Certificate and key to access the OSM t3 over HTTPS.
<project>-<instance>-t3-tls-cert
```text
tls.crt: <TLS access certificate>
tls.key: <TLS access key>
```

Trusted CA Injection
CA trust for secure outbound JMS/SAF connections.
<project>-<instance>-truststore
```text
<cert-name>.crt: <concatenated-CA-certs>
passphrase: <truststore access password>
```

Secure Identity
Private key to define identity for secure outbound JMS/SAF connections.
<project>-<instance>-identitystore
```text
<key-name>.key: <private key>
passphrase: <keystore access password>
```

ADB Wallet Secret
Secure storage of details to connect to the ADB database.
<project>-<instance>-db-wallet
```text
wallet-password: <adb wallet password>
ojdbc.properties: <ojdbc.properties>
tnsnames.ora: <tnsnames.ora>
sqlnet.ora: <sqlnet.ora>
cwallet.sso: <cwallet.sso>
ewallet.p12: <ewallet.p12>
keystore.jks: <keystore.jks>
truststore.jks: <truststore.jks>
```

ADB Admin Secret
ADB administrator password.
<project>-<instance>-db-secret
```text
admin-password: <Adb administrator password>
```

Cartridge Defined Custom User Credentials
This example is for a custom user named "osmprime" defined by the cartridge. These three lines repeat for each custom user, with "osmprime" replaced by each user in turn.
<project>-<instance>-osmcn-cred-<user>
```text
osmUser_osmprime_groups: <comma-separated list of OSM groups for this user>
osmUser_osmprime_name: <osmprime>
osmUser_osmprime_password: <password for osmprime>
```
This example is for a cartridge that invokes getOsmCredentialPassword with user "osmsom". These two lines repeat for each user the cartridge invokes through getOsmCredentialPassword.
```text
osmUser_osmsom_name: <osmsom>
osmUser_osmsom_password: <password for osmsom>
```

External LDAP Information
Credentials and connection details required to connect with the external LDAP server.
<project>-<instance>-ldap-credentials
```text
ldap_credential: <password to access external LDAP>
ldap_groupBaseDn: <base DN on external LDAP to use to look for groups>
ldap_host: <hostname or IP of LDAP server>
ldap_port: <port of LDAP server>
ldap_principal: <LDAP principal to use>
ldap_userBaseDn: <base DN on external LDAP to use to look for users>
```

External OpenLDAP Information
Credentials and connection details required to connect with the external OpenLDAP server.
<project>-<instance>-openldap-credentials
```text
openldap_credential: <password to access external OpenLDAP>
openldap_groupBaseDn: <base DN on external OpenLDAP to use to look for groups>
openldap_host: <hostname or IP of OpenLDAP server>
openldap_port: <port of OpenLDAP server>
openldap_principal: <OpenLDAP principal to use>
openldap_userBaseDn: <base DN on external OpenLDAP to use to look for users>
```

SAF Credentials
Each SAF credential secret contains exactly one set of credentials.
<project>-<instance>-saf-<remote-system>
```text
username: <SAF destination weblogic user name>
password: <password for above user>
```

Global Trust Credentials
Shared password for establishing global trust with those domains with which OSM cloud native communicates.
<project>-<instance>-global-trust-credentials
```text
password: <shared trust password>
```

Cross Domain Users in Remote Domains
Secret(s) for remote users configured in each remote domain with which OSM cloud native communicates.
<remote-domain-secret>
```text
username: <user configured in remote domain>
password: <password for above user as configured in remote domain>
```

Xtrust Secret
Credential for each of the cross-domain users to be configured in an OSM cloud native instance.
<project>-<instance>-crossdomain-users
```text
<cross-domain-user-1>_password: <local password for cross-domain-user-1>
<cross-domain-user-2>_password: <local password for cross-domain-user-2>
...
```

Generic Credentials
Each credential secret contains exactly one set of credentials.
<repository-access-secret>
```text
username: <user name>
password: <password for above user>
```

Security Scheme Credentials
Secrets for establishing connections to target systems that are defined in the security scheme. Two types of authentication are supported: OAuth2 and Username/Password.

- OAuth2: uses OIDC for authentication
  <project>-<instance>-<securitySchemeName> (OAuth2)
  ```text
  clientId: <client id>
  secret: <secret>
  ```
- Username/Password: uses username and password for authentication
  <project>-<instance>-<securitySchemeName> (userPassword)
  ```text
  password: <password>
  user: <user>
  ```
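The mandatory secrets and their keys above are what an instance needs before it can start, and a missing key or a mistyped `is_adb` flag only surfaces as a failed pod. The following audit script is an added example, not part of the OSM cloud native toolkit: it takes the JSON that `kubectl get secrets -n <namespace> -o json` produces, decodes the secrets whose names match `<project>-<instance>-`, and checks every "Must Have" secret from the table for presence, for the keys listed in this appendix, for empty values, and for `is_adb` being `Y` or `N`. The embedded dump, the project name `sr`, the instance name `quick` and every value in it are constructed placeholders.

```python
"""Audit the mandatory OSM cloud native secrets listed in this appendix.

Added example, not part of the OSM cloud native toolkit. It reads the JSON
shape that `kubectl get secrets -n <namespace> -o json` produces; the dump
below is constructed inline so the check runs offline.
"""
import base64
import json

# Required keys per secret suffix, copied from the reference above.
# Only secrets marked "Must Have? = Yes" are included.
MANDATORY_KEYS = {
    "database-credentials": {
        "db_connection_string", "db_password", "db_reports_password", "db_reports_user",
        "db_rule_password", "db_rule_user", "db_service_name", "db_user",
        "dba_password", "dba_user", "is_adb"},
    "rcudb-credentials": {
        "is_adb", "rcu_admin_password", "rcu_admin_user", "rcu_db_conn_string",
        "rcu_prefix", "rcu_schema_password"},
    "weblogic-credentials": {"password", "username"},
    "runtime-encryption-secret": {"password"},
    "opss-wallet-password-secret": {"walletPassword"},
    "embedded-ldap-credentials": {
        "automation_password", "gateway_internal_password", "gateway_internal_user",
        "internal_password", "metrics_password", "omsadmin_password", "sceadmin_password"},
    "oidc-credentials": {
        "app-oidc-audience", "app-oidc-base-url", "app-oidc-client-id",
        "app-oidc-client-secret", "client-oidc-access-token-url", "client-oidc-scope"},
}


def make_secret(name, data):
    """Build one list item in the shape kubectl emits (values base64-encoded)."""
    return {"metadata": {"name": name}, "type": "Opaque",
            "data": {k: base64.b64encode(v.encode()).decode() for k, v in data.items()}}


# Constructed sample dump for project "sr", instance "quick". Values are
# placeholders; the defects (missing key, bad is_adb flag, empty password,
# absent secret) are deliberate so the audit has something to report.
SAMPLE_DUMP = {"items": [
    make_secret("sr-quick-database-credentials", {
        "db_connection_string": "db.example.invalid:1521/osmpdb", "db_password": "osm-pw",
        "db_reports_password": "rep-pw", "db_reports_user": "ordermgmt_reports",
        "db_rule_password": "rule-pw", "db_rule_user": "ordermgmt_rule",
        "db_service_name": "osmpdb", "db_user": "ordermgmt",
        "dba_password": "dba-pw", "dba_user": "sys", "is_adb": "N"}),
    make_secret("sr-quick-rcudb-credentials", {  # rcu_prefix missing, is_adb not Y/N
        "is_adb": "yes", "rcu_admin_password": "dba-pw", "rcu_admin_user": "sys",
        "rcu_db_conn_string": "db.example.invalid:1521/osmpdb", "rcu_schema_password": "rcu-pw"}),
    make_secret("sr-quick-weblogic-credentials", {"username": "weblogic", "password": ""}),
    make_secret("sr-quick-runtime-encryption-secret", {"password": "rte-pw"}),
    make_secret("sr-quick-opss-wallet-password-secret", {"walletPassword": "wallet-pw"}),
    make_secret("sr-quick-embedded-ldap-credentials", {
        "automation_password": "a", "gateway_internal_password": "b",
        "gateway_internal_user": "gwinternal", "internal_password": "c",
        "metrics_password": "d", "omsadmin_password": "e", "sceadmin_password": "f"}),
    # sr-quick-oidc-credentials is deliberately absent.
    make_secret("other-inst-weblogic-credentials", {"username": "x", "password": "y"}),
]}


def decode_secrets(dump, project, instance):
    """Map secret suffix -> decoded key/value data for this project/instance only."""
    prefix = f"{project}-{instance}-"
    decoded = {}
    for item in dump.get("items", []):
        name = item["metadata"]["name"]
        if name.startswith(prefix):
            data = item.get("data") or {}
            decoded[name[len(prefix):]] = {k: base64.b64decode(v).decode() for k, v in data.items()}
    return decoded


def audit_secrets(dump, project, instance):
    """Return {suffix: [findings]} for every mandatory secret; an empty list means OK."""
    decoded = decode_secrets(dump, project, instance)
    findings = {}
    for suffix, required in MANDATORY_KEYS.items():
        problems = []
        data = decoded.get(suffix)
        if data is None:
            problems.append("secret missing")
        else:
            missing = sorted(required - data.keys())
            if missing:
                problems.append("missing keys: " + ", ".join(missing))
            problems.extend(f"empty value for {k}" for k, v in data.items() if not v)
            # The reference documents is_adb as a Y/N flag; anything else is a typo.
            if data.get("is_adb") not in (None, "Y", "N"):
                problems.append(f"is_adb must be Y or N, got {data['is_adb']!r}")
        findings[suffix] = problems
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit_secrets.py [kubectl-dump.json] [project] [instance]
    dump = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_DUMP
    project, instance = (sys.argv[2], sys.argv[3]) if len(sys.argv) > 3 else ("sr", "quick")
    for suffix, problems in audit_secrets(dump, project, instance).items():
        print(f"{suffix}: {'OK' if not problems else '; '.join(problems)}")
```

Run without arguments it reports against the embedded sample; with a saved `kubectl get secrets -o json` dump and the project and instance names it audits a real namespace. The script only reads key names and checks for empty values, so its output never echoes secret material.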