
Securely managing DB credentials for DV Authentication Management Component



Storing database credentials can pose a security risk. In this article, we'll guide you through setting up DataVirtuality's Authentication Management Component as a service, allowing you to retrieve DB credentials from AWS Secrets Manager.

1. Prerequisites

Ensure you have DataVirtuality set up with Authentication Management Component and have AWS CLI configured for the root user. If you haven't set up AWS CLI yet, refer to the official documentation.

2. DB username/password in AWS SM

Add a key-value pair for username and password in AWS Secrets Manager and take note of the name for later use.


3. Bash script for retrieving the data

Adjust the --secret-id parameter to match the name of your secret. Also, update the path in the last line to point to your DV Authentication Management Component folder.

Save the script as /opt/datavirtuality/auth_mgmt_tool/bin/auth_management.sh.

 

#!/bin/bash
# Fetch the secret string from AWS Secrets Manager into 'input_string'
input_string=$(aws secretsmanager get-secret-value --secret-id postgres/password3 --query SecretString --output text)
# Remove the leading and trailing curly braces
cleaned_string=${input_string:1:-1}
# Split the string into an array based on the colon
# (the key of the pair is used as the username, the value as the password)
IFS=':' read -r -a parts <<< "$cleaned_string"
# Remove leading and trailing whitespace and quotes from Username and password
Username=$(echo "${parts[0]}" | tr -d ' ')
Username=${Username:1:-1}
password=$(echo "${parts[1]}" | tr -d ' ')
password=${password:1:-1}
# Quote the values so that special characters survive the export
export KC_DB_USERNAME="$Username"
export KC_DB_PASSWORD="$password"
/opt/datavirtuality/auth_mgmt_tool/bin/kc.sh start-dev --http-port=8081 --db postgres --db-url-port 54322 --db-schema=public --db-url jdbc:postgresql://localhost:54322/config --hostname-strict=false

4. Service file

Create a service file for the Authentication Management tool and place it in the /usr/lib/systemd/system/ folder.

[Unit]
Description=Keycloak Application Server
After=syslog.target network.target

[Service]
Type=idle
RemainAfterExit=yes
# Start through the script from step 3 so that the credentials are fetched and exported before kc.sh runs
ExecStart=/opt/datavirtuality/auth_mgmt_tool/bin/auth_management.sh

[Install]
WantedBy=multi-user.target

Run the following commands after creating the service file. 

systemctl daemon-reload
systemctl enable --now dvauth

You should now see your service running.
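
The script in step 3 splits the secret on ':' and strips spaces, so a password containing either is altered before Keycloak receives it. As an added example (not part of the original article or of DataVirtuality's tooling), this Bash parser accepts only the single-pair form {"<username>":"<password>"} and refuses anything else; the names parse_secret_pair, load_db_credentials, DB_USER and DB_PASS and the sample secrets are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not the vendor's script. Expects the single-pair secret
# {"<username>":"<password>"} that the page's script parses (assumption).

# On success sets DB_USER and DB_PASS; returns 1 for any other shape.
parse_secret_pair() {
    # One JSON string whose only escapes are \" and \\ (others are rejected).
    local str='"(([^"\\]|\\["\\])*)"' ws='[[:space:]]*' q='"' bs='\' u p
    local re="^\\{${ws}${str}${ws}:${ws}${str}${ws}\\}\$"
    DB_USER='' DB_PASS=''
    [[ $1 =~ $re ]] || return 1
    u=${BASH_REMATCH[1]}; p=${BASH_REMATCH[3]}
    # Undo the two accepted escapes: \" first, then \\.
    u=${u//"$bs$q"/"$q"}; u=${u//"$bs$bs"/"$bs"}
    p=${p//"$bs$q"/"$q"}; p=${p//"$bs$bs"/"$bs"}
    # Fail closed on empty values instead of starting with blank credentials.
    [[ -n $u && -n $p ]] || return 1
    DB_USER=$u DB_PASS=$p
}

# Fetches the secret (same aws call as the page's script) and exports the
# variables that script sets before it launches kc.sh. Not called below.
load_db_credentials() {
    local secret
    secret=$(aws secretsmanager get-secret-value --secret-id "$1" \
        --query SecretString --output text) || return 1
    parse_secret_pair "$secret" || { echo "unexpected secret format" >&2; return 1; }
    export KC_DB_USERNAME="$DB_USER" KC_DB_PASSWORD="$DB_PASS"
}

# Constructed samples (not real credentials), so the demo runs offline.
for sample in '{"dv_user":"p@ss:word 1"}' '{"username":"a","password":"b"}'; do
    if parse_secret_pair "$sample"; then
        echo "ok: user=$DB_USER, password length ${#DB_PASS}"
    else
        echo "rejected: secret is not a single username/password pair"
    fi
done
```

In a wrapper script, calling load_db_credentials with the secret name and exiting on a non-zero return keeps the service from starting when the secret is missing or malformed.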

