Home / Keptn v1 Docs / Release 0.19.x / Operate Keptn / User Management / OpenID Session Secrets
This section explains the management of the session and database encryption secrets of the Keptn Bridge.
session secret
: Used to hash the session of the user.database encryption secret
: Used to encrypt the session in the database.To create the session and database encryption secret, use the following commands provided by the operating system:
Use the following commands to generate the secrets and store the results into the environment variables session_secret
and database_encrypt_secret
session_secret=$(tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 45)
database_encrypt_secret=$(tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 32)
To create the secrets, execute:
kubectl create secret generic -n keptn bridge-oauth --from-literal=session_secret="$session_secret" --from-literal=database_encrypt_secret="$database_encrypt_secret"
Use the following commands to generate the secrets and store the results into the environment variables session_secret
and database_encrypt_secret
session_secret=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 45)
database_encrypt_secret=$(LC_CTYPE=C tr -dc "a-zA-Z0-9" < /dev/urandom | head -c 32)
To create the secrets, execute:
kubectl create secret generic -n keptn bridge-oauth --from-literal=session_secret="$session_secret" --from-literal=database_encrypt_secret="$database_encrypt_secret"
Use the following commands to generate the secrets and store the results into the environment variables session_secret
and database_encrypt_secret
$Env:session_secret = Write-Output ( -join ((0x30..0x39) + ( 0x41..0x5A) + ( 0x61..0x7A) | Get-Random -Count 45 | % {[char]$_}) )
$Env:database_encrypt_secret = Write-Output ( -join ((0x30..0x39) + ( 0x41..0x5A) + ( 0x61..0x7A) | Get-Random -Count 32 | % {[char]$_}) )
To create the secrets, execute:
kubectl create secret generic -n keptn bridge-oauth --from-literal=session_secret="$Env:session_secret" --from-literal=database_encrypt_secret="$Env:database_encrypt_secret"
To reset the session and the database encryption secret of a Keptn installation, first delete the secret:
kubectl delete secret -n keptn bridge-oauth
Create the secrets as explained above.
Re-start the Keptn Bridge to fetch the new secrets:
kubectl delete pods -n keptn --selector=app.kubernetes.io/name=bridge