Using secret to avoid passwords in plain text

To use a secret to avoid using passwords in plain text, complete the following steps:

Procedure

  1. On a Linux virtual machine, run the following command:
    echo -n 'unica*03' | base64
    You will see the following output: "dW5pY2EqMDM="
  2. Create a YAML file (example unicadbSecret.yaml) and in the YAML file add the following parameters:
    apiVersion: v1
    kind: Secret
    metadata:
    name: unica-db-token
    type: Opaque
    data:
    PLATFORM_DATABASE_PASSWORD: "dW5pY2EqMDM="
  3. To use the password in Unica Platform, update the Platform deployment, and wherever envFrom exists, add the the following code:
    envFrom:
    - secretRef:
    name: unica-db-token
    - configMapRef:
  4. Either comment or delete the parameter PLATFORM_DATABASE_PASSWORD: unica*03 from the platform-configMap.yaml file.

What to do next

Note:
  • The same unicadbSecret.yaml can be used for multiple Unica product database passwords. Repeat Step 3 and Step 4 for each products deployment and their respectiv configmap.yaml file. For example, in case of Unica Plan, with PLAN_DATABASE_PASSWORD: unica*03, add the following lines of code
    apiVersion: v1
    kind: Secret
    metadata:
    name: unica-db-token
    type: Opaque
    data:
    PLATFORM_DATABASE_PASSWORD: "dW5pY2EqMDM="
    PLAN_DATABASE_PASSWORD: "dW5pY2EqMDM="

    In this case, update the Plan deployment and configmap.yaml file.

  • Limit the secret size to 1 MB. If the secret size is more than 1 MB, split it into multiple tokens.