Environment data in Vault

Vault is supported for storing sensitive key-value pairs for Docker configuration. If you want to use this method of environment configuration, set CONFIGURE_MODE to Vault. With this setting, startup scripts fetch environment-related data from Vault when you start a Docker container.

Key paths in Vault are organized by a Tenant that represents your company (for example, MyCompany), an EnvironmentName (for example, Non-production), and an EnvironmentType (for example, auth).

Storing key-value pairs in Vault

To set up Vault, see the Vault website. When you have a Vault ready for use, you can complete the following steps to store and retrieve key-value pairs.
  1. Create a mount point based on the {Tenant}.
    For example,
    init_json='json_data={"type":"generic","description":"description","config":{"max_lease_ttl":"876000"}}'
    header="X-Vault-Token:vaultToken"
    curl -X POST -H "$header" -H "Content-Type:application/json" -d '{"type":"generic","description":"description","config":{"max_lease_ttl":"876000"}}' http://vaultIP:vaultPort/v1/sys/mounts/tenant
  2. Store key-value pair data by using the following command.
    curl -X POST -H "X-Vault-Token:vaultToken" -d '{"value":"value"}' http://vaultIP:vaultPort/v1/tenant/environmentName/environmentType/targetKey
    For example, to store the value "mall" for a key name "dbName" under path MyCompany/Non-production/auth/dbName:
    curl -X POST -H "X-Vault-Token:7f47efbb-b162-619b-0ced-448079d91b77" -d '{"value":"mall"}' http://myhostname.com:8200/v1/MyCompany/Non-production/auth/dbName

Retrieving key-value pairs in Vault

Retrieve key-value pair data by using the following command.
curl -X GET -H "X-Vault-Token:vaultToken" http://vaultIP:vaultPort/v1/tenant/environmentName/environmentType/targetKey | jq -r .data.value
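
The retrieve step above, wrapped as a pre-start check that the mandatory database keys are readable. This is an added example, not HCL's startup script; VAULT_URL, VAULT_TOKEN, and the function names are assumptions.

```shell
# Added example, not HCL's startup script. VAULT_URL, VAULT_TOKEN and the
# function names are assumptions. Use an https:// VAULT_URL so the token and
# the secret values are not sent in cleartext.

# Build Tenant/EnvName/EnvType/key, refusing any segment that is empty, is
# "." or "..", or contains a character outside A-Z a-z 0-9 . _ -
vault_key_path() {
  local seg path
  path=""
  for seg in "$@"; do
    case "$seg" in
      ""|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    path="${path:+$path/}$seg"
  done
  printf '%s\n' "$path"
}

# Read one value. The token reaches curl on stdin (--config -) instead of the
# command line, so it is not visible in the process list. -f makes HTTP errors
# fail, and jq -e fails when .data.value is null or absent.
vault_get() {
  local path
  path=$(vault_key_path "$@") || return 2
  printf 'header = "X-Vault-Token: %s"\n' "$VAULT_TOKEN" |
    curl -fsS --config - "$VAULT_URL/v1/$path" | jq -er '.data.value'
}

# Print the mandatory database keys that cannot be read and return non-zero
# if there are any, so that a startup script can stop before using them.
# The list is the unversioned mandatory database rows of the table on this page.
missing_db_keys() {
  local key missing
  missing=""
  for key in dbHost dbName dbPort dbUser dbPassword; do
    vault_get "$1" "$2" "$3" "$key" >/dev/null 2>&1 ||
      missing="${missing:+$missing }$key"
  done
  printf '%s\n' "$missing"
  [ -z "$missing" ]
}
```

For example, missing_db_keys MyCompany Non-production auth prints an empty line and returns 0 when all five keys are readable.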

Key-value data structure in Consul/Vault

The following tables list all of the default key-value paths on Consul/Vault.

The default EnvType values are auth and live.

You can add your key-value paths based on your business requirements and define custom logic to fetch them.

The structure of the HCL Commerce deployment key-value pair reference is broken down into the following sections by function, and ordered by release level:
Name, port, security scheme, and certificate configurations
KeyPath | Mandatory/Optional | Sample value | Comments
Tenant/EnvName/domainName | Optional | default.svc.cluster.local | If no value is specified, then the default default.svc.cluster.local is used.
Tenant/EnvName/externalDomainName | Optional | mycompany.com | This value specifies the store-web external domain name, which can be recognized by your browser. For example, in the hostname store.demo4qaauth.hcl.com, hcl.com is the external domain name.
Tenant/EnvName/kafkaServers | Optional | | Specify a value if you want to enable ZooKeeper and Kafka. The format for this key-value pair is as follows: "kafkaServers": server1:port1,server1:port2
Tenant/EnvName/zooKeeperServers | Optional | | Specify a value if you want to enable ZooKeeper and Kafka. The format for this key-value pair is as follows: "zooKeeperServers": server1:port1,server2:port2
Tenant/EnvName/EnvType/txnPort | Optional | | Specify a value if you want to set txnPort, instead of using the default value.
Tenant/EnvName/EnvType/txHost | Optional | | Specify a value if you want to set txHost, instead of using the default value.
Tenant/EnvName/EnvType/txPort | Optional | | Specify a value if you want to set txPort, instead of using the default value.
Tenant/EnvName/EnvType/xcHost | Optional | | Specify a value if you want to set xcHost, instead of using the default value.
Tenant/EnvName/EnvType/xcPort | Optional | | Specify a value if you want to set xcPort, instead of using the default value.
Tenant/EnvName/EnvType/storeHost | Optional | | Specify a value if you want to set storeHost, instead of using the default value.
Tenant/EnvName/EnvType/storePort | Optional | | Specify a value if you want to set storePort, instead of using the default value.
Tenant/EnvName/EnvType/storeWebHost | Optional | | Specify a value if you want to set storeWebHost, instead of using the default value.
Tenant/EnvName/EnvType/storeWebPort | Optional | | Specify a value if you want to set storeWebPort, instead of using the default value.
 | Optional | | Specify if you want to set the store access non-security port to NONSSLPort.
Tenant/EnvName/EnvType/searchPort | Optional | | Specify a value if you want to set searchPort, instead of using the default value.
Tenant/EnvName/EnvType/searchScheme | Optional | | Specify a value if you want to set searchScheme, instead of using the default value.
Tenant/EnvName/EnvType/searchMasterHost | Optional | | Specify a value if you want to set searchMasterHost, instead of using the default value.
Tenant/EnvName/EnvType/searchSlaveHost | Optional | | Specify a value if you want to set searchSlaveHost, instead of using the default value.
Tenant/EnvName/EnvType/searchRepeaterHost | Optional | | Specify a value if you want to set searchRepeaterHost, instead of using the default value.
Tenant/EnvName/certs/CertName | Optional | demo2/qa/certs/demo2qa-test={'certificate': 'asdfadsfadsfads', 'destination_host': 'adsfadsf', 'issuing_ca': 'fadsfadsfads', 'keystorepass': 'adsfadsfads', 'private_key': 'adsfadsfasd'} | You can add third-party certificate records.
Tenant/EnvName/certsBundle | Optional | demo2/qa/certsBundle={'crsapp': 'demo2qa-testky', 'searchapp': 'demo2qa-test', 'storeapp': '', 'tsapp': 'demo2qa-test', 'tsweb': '', 'xcapp': ''} | You can create bundled certificates as a sample. When you deploy the environment, the container can detect the bundled certificates and apply them.
Database configurations
KeyPath | Mandatory/Optional | Sample value | Comments
Tenant/EnvName/EnvType/dbType (HCL Commerce Version 9.0.0.4 or later) | Mandatory | | The database type. Accepted values are: db2 for IBM Db2 Database; oracle for Oracle Database.
Tenant/EnvName/EnvType/dbSSLEnable | Optional | false | Specify whether the database connection uses SSL. Accepted values are: true for an SSL connection; false for an unencrypted connection. The default value is false.
Tenant/EnvName/EnvType/dbHost | Mandatory | | The database host name for the environment.
Tenant/EnvName/EnvType/dbName | Mandatory | | The database name.
Tenant/EnvName/EnvType/dbPort | Mandatory | | The database port number.
Tenant/EnvName/EnvType/dbUser | Mandatory | | The HCL Commerce database user name.
Tenant/EnvName/EnvType/dbPassword | Mandatory | | The HCL Commerce database user password.
Tenant/EnvName/EnvType/dbPassEncrypt (HCL Commerce Version 9.0.0.5 or later) | Mandatory | | The encrypted HCL Commerce database user password.
Tenant/EnvName/EnvType/dbaUser (HCL Commerce Version 9.0.0.5 or later) | Mandatory | | The database administrator user name.
Tenant/EnvName/EnvType/dbaPassEncrypt (HCL Commerce Version 9.0.0.5 or later) | Mandatory | | The encrypted database administrator user password.
Tenant/EnvName/EnvType/spiUserName | Mandatory | | The spiuser user name.
Tenant/EnvName/EnvType/spiUserPwd | Mandatory | | The ASCII encrypted spiuser user password.
Tenant/EnvName/EnvType/adminSpiUserPwd | Mandatory | | The plain text spiuser user password.
Tenant/EnvName/EnvType/merchantKeyEncrypted | Mandatory | | The encrypted merchant key, encrypted with the key encryption key. The merchant key was created when you or an administrator loaded the HCL Commerce database schema.
For more information, see:
Important: You must specify your own merchant key and key encryption key values for the security of your HCL Commerce installation. Do not use the default values contained within the provided sample configuration files and documentation examples.
Trace specification
KeyPath | Mandatory/Optional | Sample value | Comments
Tenant/EnvName/EnvType/traceSpecification/ts-app | Optional | | If you want to change the trace specification for the Transaction server, specify a value.
Tenant/EnvName/EnvType/traceSpecification/search-app | Optional | | If you want to change the trace specification for the Search server, specify a value.
Tenant/EnvName/EnvType/traceSpecification/crs-app | Optional | | If you want to change the trace specification for the Store server, specify a value.
Tenant/EnvName/EnvType/traceSpecification/xc-app | Optional | | If you want to change the trace specification for the Customization server, specify a value.
Integration and other miscellaneous configurations
KeyPath | Mandatory/Optional | Sample value | Comments
Tenant/EnvName/EnvType/kafkaTopicPrefix | Optional | ${TENANT}${ENVIRONMENT}${ENVTYPE} | Specify a value if you want to configure ZooKeeper and Kafka. If no value is specified, the following default value is applied: ${TENANT}${ENVIRONMENT}${ENVTYPE}
Tenant/EnvName/EnvType/healthCenterEnable | Optional | boolean | Specify a value if you want to enable Health Center. Accepted values are: true for enabling Health Center; false for not enabling Health Center.