6.4.4. External secrets

If your container platform supports secrets management, an opaque secrets file can be mounted directly into the IAM container. This replaces the default JCEKS used for IAM sensitive values (see 9.3. Storing sensitive configuration values externally) with more direct platform integration.

First, create an opaque secrets file following the applicable instructions for Kubernetes, OpenShift or Docker Swarm.

The secrets file can be mounted to any location in the container, e.g. /my-iam-secrets.properties. The path is configured using the application parameter iam.sensitive.values.config (as environment variable: IAM_SENSITIVE_VALUES_CONFIG).

See also 8.1. Application parameters.

IAM_SENSITIVE_VALUES_CONFIG=secrets:/my-iam-secrets.properties
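
The steps above, put together for Kubernetes as an added example (not taken from the product documentation). The resource names, the image reference and the property key inside the file are placeholders; only the mount path and the IAM_SENSITIVE_VALUES_CONFIG value come from this page.

```yaml
# Constructed example. "iam-secrets", "iam", the image and the property key
# are placeholders; replace them with the values of your deployment.
apiVersion: v1
kind: Secret
metadata:
  name: iam-secrets
type: Opaque
stringData:
  # The key below becomes the file name inside the secret volume.
  # The file content is a placeholder for your sensitive values.
  my-iam-secrets.properties: |
    example.sensitive.key=REPLACE_ME
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: iam
spec:
  replicas: 1
  selector:
    matchLabels:
      app: iam
  template:
    metadata:
      labels:
        app: iam
    spec:
      containers:
        - name: iam
          image: "REPLACE_WITH_IAM_IMAGE"
          env:
            # Points IAM at the mounted file instead of the default JCEKS.
            - name: IAM_SENSITIVE_VALUES_CONFIG
              value: "secrets:/my-iam-secrets.properties"
          volumeMounts:
            - name: iam-secrets
              mountPath: /my-iam-secrets.properties
              # subPath mounts a single file; such mounts are not refreshed
              # when the Secret changes, so restart the pod after rotation.
              subPath: my-iam-secrets.properties
              readOnly: true
      volumes:
        - name: iam-secrets
          secret:
            secretName: iam-secrets
```

Keep the Secret manifest itself out of version control, or create the Secret from a file kept outside the repository, since stringData holds the values in clear text.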