Environment data in Vault
Vault is supported for storing sensitive key-value pairs for Docker configuration. If you want to use this method of environment configuration, set CONFIGURE_MODE to Vault. With this setting, startup scripts fetch environment-related data from Vault when you start a Docker container.
You can have a Vault Tenant to represent your company (for example, MyCompany), an EnvironmentName (for example, Non-production), and an EnvironmentType (for example, auth).
Storing key-value pairs in Vault
To set up Vault, see the Vault website. When you have a Vault ready for use, you can complete the following steps to store and retrieve key-value pairs.
- Create a mount point based on the {Tenant}. For example,
  init_json='json_data={"type":"generic","description":"description","config":{"max_lease_ttl":"876000"}}'
  header="X-Vault-Token:vaultToken"
  curl -X POST -H "$header" -H "Content-Type:application/json" -d '{"type":"generic","description":"description","config":{"max_lease_ttl":"876000"}}' http://vaultIP:vaultPort/v1/sys/mounts/tenant
- Store key-value pair data by using the following command.
  curl -X POST -H "X-Vault-Token:vaultToken" -d '{"value":"value"}' http://vaultIP:vaultPort/v1/tenant/environmentName/environmentType/targetKey
  For example, to store the value "mall" for a key name "dbName" under path MyCompany/Non-production/auth/dbName:
  curl -X POST -H "X-Vault-Token:7f47efbb-b162-619b-0ced-448079d91b77" -d '{"value":"mall"}' http://myhostname.com:8200/v1/MyCompany/Non-production/auth/dbName
Retrieving key-value pairs in Vault
Retrieve key-value pair data by using the following command.
curl -X GET -H "X-Vault-Token:vaultToken" http://VaultIP:VaultPort/v1/tenant/environmentName/environmentType/targetKey | jq -r .data.value
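
The retrieval step above, wrapped as an added shell example (not part of the product's startup scripts): it builds the Tenant/EnvName/EnvType/key URL from validated components, passes the token to curl on stdin instead of on the command line, and reports which keys marked Mandatory in this page's tables are missing. `VAULT_ADDR`, `VAULT_TOKEN`, and the function names are assumptions of this example; only keys whose path is visible on the page are checked.

```shell
#!/bin/sh
# Added example; not part of the product's startup scripts.
# Assumes VAULT_ADDR (e.g. https://vault.example.internal:8200) and VAULT_TOKEN
# are exported by the caller, and that curl (7.55 or later) and jq are installed.

# Mandatory keys that have a visible key path in the tables on this page.
MANDATORY_KEYS="dbHost dbName dbPort dbUser dbPassword spiUserName spiUserPwd adminSpiUserPwd merchantKeyEncrypted"

# Print the read URL for tenant/envName/envType/key; reject unsafe components
# (empty, "." or "..", or anything outside letters, digits, ".", "_" and "-").
kv_url() {
  for part in "$@"; do
    case "$part" in
      ""|.|..|*[!A-Za-z0-9._-]*) echo "bad path component: $part" >&2; return 1 ;;
    esac
  done
  [ "$#" -eq 4 ] || { echo "usage: kv_url tenant envName envType key" >&2; return 1; }
  printf '%s/v1/%s/%s/%s/%s\n' "${VAULT_ADDR%/}" "$1" "$2" "$3" "$4"
}

# Fetch one value. The token reaches curl on stdin (-H @-), so it is not part
# of curl's argument list the way -H "X-Vault-Token:..." is.
kv_get() {
  url=$(kv_url "$@") || return 1
  resp=$(printf 'X-Vault-Token: %s\n' "$VAULT_TOKEN" |
         curl -sS --fail -H @- "$url") || return 1
  # -e makes jq exit non-zero when .data.value is null or absent.
  printf '%s' "$resp" | jq -er '.data.value'
}

# Print every mandatory key that is missing or empty; return 1 if any are.
missing_mandatory() {
  missing=""
  for key in $MANDATORY_KEYS; do
    val=$(kv_get "$1" "$2" "$3" "$key" 2>/dev/null) || val=""
    [ -n "$val" ] || missing="$missing $key"
  done
  [ -z "$missing" ] && return 0
  echo "${missing# }"
  return 1
}
```

Source the file and run `missing_mandatory MyCompany Non-production auth` before starting the containers; a non-zero status lists the keys that still have to be stored.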
Key-value data structure in Consul/Vault
The following tables list all of the default key-value paths on Consul/Vault.
The default EnvType values are auth and live.
You can add your key-value paths based on your business requirements and define custom logic to fetch them.
KeyPath | Mandatory/Optional | Sample value | Comments |
---|---|---|---|
Tenant/EnvName/domainName | Optional | default.svc.cluster.local | If no value is specified, then the default default.svc.cluster.local is used. |
Tenant/EnvName/externalDomainName | Optional | mycompany.com | This value specifies the store-web external domain name, which can be recognized by your browser. For example, in the hostname |
Tenant/EnvName/kafkaServers | Optional | Specify a value if you want to enable ZooKeeper and Kafka. The format for this key-value pair is as follows: | |
Tenant/EnvName/zooKeeperServers | Optional | Specify a value if you want to enable ZooKeeper and Kafka. The format for this key-value pair is as follows: | |
Tenant/EnvName/EnvType/txnPort | Optional | Specify a value if you want to set txnPort, instead of using the default value. | |
Tenant/EnvName/EnvType/txHost | Optional | Specify a value if you want to set txHost, instead of using the default value. | |
Tenant/EnvName/EnvType/txPort | Optional | Specify a value if you want to set txPort, instead of using the default value. | |
Tenant/EnvName/EnvType/xcHost | Optional | Specify a value if you want to set xcHost, instead of using the default value. | |
Tenant/EnvName/EnvType/xcPort | Optional | Specify a value if you want to set xcPort, instead of using the default value. | |
Tenant/EnvName/EnvType/storeHost | Optional | Specify a value if you want to set storeHost, instead of using the default value. | |
Tenant/EnvName/EnvType/storePort | Optional | Specify a value if you want to set storePort, instead of using the default value. | |
Tenant/EnvName/EnvType/storeWebHost | Optional | Specify a value if you want to set storeWebHost, instead of using the default value. | |
Tenant/EnvName/EnvType/storeWebPort | Optional | Specify a value if you want to set storeWebPort, instead of using the default value. | |
Optional | Specify if you want to set the store access non-security port to NONSSLPort. | |
Tenant/EnvName/EnvType/searchPort | Optional | Specify a value if you want to set searchPort, instead of using the default value. | |
Tenant/EnvName/EnvType/searchScheme | Optional | Specify a value if you want to set searchScheme, instead of using the default value. | |
Tenant/EnvName/EnvType/searchMasterHost | Optional | Specify a value if you want to set searchMasterHost, instead of using the default value. | |
Tenant/EnvName/EnvType/searchSlaveHost | Optional | Specify a value if you want to set searchSlaveHost, instead of using the default value. | |
Tenant/EnvName/EnvType/searchRepeaterHost | Optional | Specify a value if you want to set searchRepeaterHost, instead of using the default value. | |
Tenant/EnvName/certs/CertName | Optional | demo2/qa/certs/demo2qa-test={'certificate': 'asdfadsfadsfads', 'destination_host': 'adsfadsf', 'issuing_ca': 'fadsfadsfads', 'keystorepass': 'adsfadsfads', 'private_key': 'adsfadsfasd'} | You can add third-party certificate records. |
Tenant/EnvName/certsBundle | Optional | demo2/qa/certsBundle={'crsapp': 'demo2qa-testky', 'searchapp': 'demo2qa-test', 'storeapp': '', 'tsapp': 'demo2qa-test', 'tsweb': '', 'xcapp': ''} | You can create bundled certificates as a sample. When you deploy the environment, the container can detect the bundled certificates and apply them. |
KeyPath | Mandatory/Optional | Sample value | Comments |
---|---|---|---|
Mandatory | The database type. Accepted values are: | |
Tenant/EnvName/EnvType/dbSSLEnable | Optional | false | Specify whether the database connection uses SSL. Accepted values are: false. |
Tenant/EnvName/EnvType/dbHost | Mandatory | The database host name for the environment. | |
Tenant/EnvName/EnvType/dbName | Mandatory | The database name. | |
Tenant/EnvName/EnvType/dbPort | Mandatory | The database port number. | |
Tenant/EnvName/EnvType/dbUser | Mandatory | The HCL Commerce database user name. | |
Tenant/EnvName/EnvType/dbPassword | Mandatory | The HCL Commerce database user password. | |
Mandatory | The encrypted HCL Commerce database user password. | |
Mandatory | The database administrator user name. | |
Mandatory | The encrypted database administrator user password. | |
Tenant/EnvName/EnvType/spiUserName | Mandatory | The spiuser user name. | |
Tenant/EnvName/EnvType/spiUserPwd | Mandatory | The ASCII encrypted spiuser user password. | |
Tenant/EnvName/EnvType/adminSpiUserPwd | Mandatory | The plain text spiuser user password. | |
Tenant/EnvName/EnvType/merchantKeyEncrypted | Mandatory | The encrypted merchant key, encrypted with the key encryption key. The merchant key was created when you or an administrator loaded the HCL Commerce database schema. For more information, see: Important: You must specify your own merchant key and key encryption key values for the security of your HCL Commerce installation. Do not use the default values contained within the provided sample configuration files and documentation examples. |
KeyPath | Mandatory/Optional | Sample value | Comments |
---|---|---|---|
Tenant/EnvName/EnvType/traceSpecification/ts-app | Optional | If you want to change the trace specification for the Transaction server, specify a value. | |
Tenant/EnvName/EnvType/traceSpecification/search-app | Optional | If you want to change the trace specification for the Search server, specify a value. | |
Tenant/EnvName/EnvType/traceSpecification/crs-app | Optional | If you want to change the trace specification for the Store server, specify a value. | |
Tenant/EnvName/EnvType/traceSpecification/xc-app | Optional | If you want to change the trace specification for the Customization server, specify a value. |
KeyPath | Mandatory/Optional | Sample value | Comments |
---|---|---|---|
Tenant/EnvName/EnvType/kafkaTopicPrefix | Optional | ${TENANT}${ENVIRONMENT}${ENVTYPE} | Specify a value if you want to configure ZooKeeper and Kafka. If no value is specified, the following default value is applied: ${TENANT}${ENVIRONMENT}${ENVTYPE} |
Tenant/EnvName/EnvType/healthCenterEnable | Optional | boolean | Specify a value if you want to enable Health Center. Accepted values are: |