TAS Forms - secret creation guide for Docker Swarm

Generate Private and Public Keys

openssl req -x509 -newkey rsa:4096 -keyout private.key -out public.crt -sha256 -days 3650 -nodes

Copy the content of the private.key file; you will need it to create the Docker secret.

Create Private Key File on Server

  1. Create a file on the server that your instance of Team Assistant runs on:

    touch tas_forms_private.key

  2. Open the file in a text editor of your choice (this guide assumes vim):

    vim tas_forms_private.key

  3. Once you have the file open in your editor:

    • Paste the content of the private.key file that you created earlier
    • Use the vim options :set noeol and :set binary before you save and quit

Create Docker Secret

Create a Docker Swarm secret from the file (replace {stack_name} with the name of your instance):

docker secret create {stack_name}_forms_pk tas_forms_private.key

Verify the secret was created:

docker secret ls

You should see your secret in the list.

Update Instance Configuration

  1. Open your instance.yaml file and find the secrets: block.

  2. Add this entry:

        forms_pk:
          name: ${STACK_NAME}_forms_pk
          external: true

     Note: The name: value MUST match the name of the secret we just created (the first argument to docker secret create).

  3. Reference the secret in your backend service.
     Note: If you're using TAS 5.7, you should also add this secret to backend-cron.

Update backend config (local.js) to use the secret

  1. Open your local.js file and find the secrets block. If it doesn't exist, create it at the same indentation level as the logger block.
  2. Add this line to your secrets block and save the file:

    FormsPrivateKey: fs.readFileSync('/run/secrets/forms_pk', 'utf-8').trim(),

Apply Changes and Verify

  1. Redeploy the stack to apply changes.

  2. To verify that the secret is visible to the backend service, exec into the backend container:

    docker exec -it $be_container_id bash

  3. Check that the secret exists in the secrets directory (run inside your backend container):

    ls /run/secrets/

    You should see the secret for tas_forms in the /run/secrets/ directory.

  4. Print out the contents of the secret for final verification (run inside your backend container):

    grep "" /run/secrets/forms_pk

Updated by Ivo Růžička