Securely managing DB credentials for DV Authentication Management Component

Userlevel 5
  • Community Manager
  • 21 replies

Storing database credentials can pose a security risk. In this article, we'll guide you through setting up DataVirtuality's Authentication Management Component as a service, allowing you to retrieve DB credentials from AWS Secrets Manager.

1. Prerequisites

Ensure you have DataVirtuality set up with Authentication Management Component and have AWS CLI configured for the root user. If you haven't set up AWS CLI yet, refer to the official documentation.

2. DB username/password in AWS SM

Add a key-value pair for username and password in AWS Secrets Manager and take note of the name for later use.



3. Bash script for retrieving the data

Adjust the --secret-id parameter to match the name of your secret. Also, update the path in the last line to point to your DV Authentication Management Component folder.

Save the script as /opt/datavirtuality/auth_mgmt_tool/bin/


#!/bin/bash# Assuming your string is stored in a variable called 'input_string'input_string=$(aws secretsmanager get-secret-value --secret-id postgres/password3 --query SecretString --output text)# Remove the leading and trailing curly bracescleaned_string=${input_string:1:-1}# Split the string into an array based on the colonIFS=':' read -r -a parts <<< "$cleaned_string"# Remove leading and trailing whitespace and quotes from Username and passwordUsername=$(echo "${parts[0]}" | tr -d ' ')Username=${Username:1:-1}password=$(echo "${parts[1]}" | tr -d ' ')password=${password:1:-1}export KC_DB_USERNAME=$Usernameexport KC_DB_PASSWORD=$password/opt/datavirtuality/auth_mgmt_tool/bin/ start-dev --http-port=8081 --db postgres --db-url-port 54322 --db-schema=public --db-url jdbc:postgresql://localhost:54322/config --hostname-strict=false

4. Service file

Create a service file for the Authentication Management tool and place it in /usr/lib/systemd/system/folder.

[Unit]Description=Keycloak Application[Service]Type=idleRemainAfterExit=yesExecStart=/opt/datavirtuality/auth_mgmt_tool/bin/ start-dev --http-port=8081 --db postgres --db-url-port 54322 --db-schema=public --db-url jdbc:postgresql://localhost:54322/config --hostname-strict=false[Install]

Run the following commands after creating the service file. 

systemctl daemon-reload systemctl enable --now dvauth

You should now see your service running.

0 replies

Be the first to reply!