Keptn Homepage
Keptn v1 reached EOL December 22, 2023. For more information see https://bit.ly/keptn
This documentation is for an older Keptn release. Please consider the newest one when working with the latest Keptn.

Home / Keptn v1 Docs / Release 0.13.x / Operate Keptn / User Management / OpenID Session Secrets

OpenID Session Secrets

This section explains the management of the session and database encryption secrets of the Keptn Bridge.

  • session secret: Used to hash the session of the user.
  • database encryption secret: Used to encrypt the session in the database.

Create session and database encryption secret

  • To create the session and database encryption secret, use the following commands provided by the operating system:

    • Use the following commands to generate the secrets and store the results into the environment variables session_secret and database_encrypt_secret

      session_secret=$(tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 45)
database_encrypt_secret=$(tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 32)

    • To create the secrets, execute:

      kubectl create secret generic -n keptn bridge-oauth --from-literal=session_secret="$session_secret" --from-literal=database_encrypt_secret="$database_encrypt_secret"

    • Use the following commands to generate the secrets and store the results into the environment variables session_secret and database_encrypt_secret

      session_secret=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 45)
database_encrypt_secret=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 32)

    • To create the secrets, execute:

      kubectl create secret generic -n keptn bridge-oauth --from-literal=session_secret="$session_secret" --from-literal=database_encrypt_secret="$database_encrypt_secret"

    • Use the following commands to generate the secrets and store the results into the environment variables session_secret and database_encrypt_secret

      $Env:session_secret =  Write-Output ( -join ((0x30..0x39) + ( 0x41..0x5A) + ( 0x61..0x7A) | Get-Random -Count 45  | % {[char]$_}) )
$Env:database_encrypt_secret =  Write-Output ( -join ((0x30..0x39) + ( 0x41..0x5A) + ( 0x61..0x7A) | Get-Random -Count 32  | % {[char]$_}) )

    • To create the secrets, execute:

      kubectl create secret generic -n keptn bridge-oauth --from-literal=session_secret="$Env:session_secret" --from-literal=database_encrypt_secret="$Env:database_encrypt_secret"

Reset session and database encryption secret

  • To reset the session and the database encryption secret of a Keptn installation, first delete the secret:

    kubectl delete secret -n keptn bridge-oauth

  • Create the secrets as explained above.

  • Re-start the Keptn Bridge to fetch the new secrets:

    kubectl delete pods -n keptn --selector=app.kubernetes.io/name=bridge

Microsoft

Back to top

Sitemap

Resources

Community

Keptn Homepage Keptn Homepage Keptn Keptn Homepage

Keptn is a CNCF Incubating Project. Initially created by Dynatrace in 2019.

© 2023 The Keptn Authors | Documentation Distributed under CC-BY-4.0
© 2023 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page.

This website is powered by Netlify