Use an External Service

You may want to refer to an external service rather than the small-scale services running in the cluster from a reference deployment.

Examples include:

  • PostgreSQL

  • Kafka

Warning

CRITICAL SECURITY REQUIREMENT

NEVER commit files containing secrets such as .env or JWT to version control. These files must be managed securely.

As part of updating the inputs for your deployment:

  1. Review the template secret files

  2. Set strong secrets for the values, such as strong passwords

  3. Store the secret securely outside your repository using one of these methods:

    • Cloud secrets management service

    • Enterprise secrets vault solution

    • Kubernetes Secrets with encryption at rest

    • Secure file system with restricted access (development only)

  4. Configure your deployment to retrieve credentials from your secure storage at runtime

  5. Add the secrets files to your .gitignore file immediately

  1. You should create your secret values in a secure location and reflect them in Kubernetes Secrets.

  2. The name of the secret should be the one already used by the respective deployment, for example ess-webid-postgres-credentials for the WebID Service database.

  3. Continue with the rest of the Applying Your Customizations procedure.
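One way to carry out the steps above while enforcing the warning about committed secrets, as an added example that is not part of the original documentation: a guard that rejects a secrets file that is readable by other users, tracked by git, or not covered by .gitignore, followed by the load into the named Kubernetes Secret. The file path and namespace arguments are assumptions; only the Secret name ess-webid-postgres-credentials comes from this page.

```bash
#!/bin/sh
# Added example (not from the original page). The secrets-file path and the
# namespace passed in are assumptions; the Secret name comes from the page.

# secret_file_ok FILE: succeed only if FILE is fit to use as a secret source.
secret_file_ok() {
  f=$1
  if [ ! -f "$f" ]; then
    echo "refusing: $f does not exist" >&2; return 1
  fi
  # Characters 5-10 of the ls mode string are the group and other bits.
  if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    echo "refusing: $f is accessible to group/others (chmod 600)" >&2; return 1
  fi
  dir=$(dirname "$f"); base=$(basename "$f")
  # Inside a git work tree the file must be untracked AND ignored.
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    if git -C "$dir" ls-files --error-unmatch -- "$base" >/dev/null 2>&1; then
      echo "refusing: $f is tracked by git" >&2; return 1
    fi
    if ! git -C "$dir" check-ignore -q -- "$base"; then
      echo "refusing: $f is not covered by .gitignore" >&2; return 1
    fi
  fi
  return 0
}

# apply_secret NAME NAMESPACE FILE: load KEY=value lines into a Secret.
# The manifest is piped straight to the API server and never written to disk.
apply_secret() {
  secret_file_ok "$3" || return 1
  kubectl create secret generic "$1" --namespace "$2" \
    --from-env-file="$3" --dry-run=client -o yaml | kubectl apply -f -
}

# Example: sh load-secret.sh ess-webid-postgres-credentials <namespace> <file>
if [ "$#" -eq 3 ]; then
  apply_secret "$@"
fi
```

The create-then-apply pipe makes the command safe to re-run when the Secret already exists, which a plain `kubectl create secret` is not.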