Custom Credentials for Inter-Service Communication in Discovery Portal
Privacera Discovery communicates with Portal services for various operations through different APIs. By default, the privacera_service_discovery user is used for inter-service communication with default credentials. However, you can configure custom credentials to facilitate secure communication between Discovery and Portal services.
Prerequisites
Ensure the following prerequisites are met:
- Discovery is installed and running. Refer to the Discovery installation steps.
Setup
To configure custom credentials for inter-service communication between Discovery and Portal, follow these steps:
Step 1: Migrate to privacera_service_discovery User
- If you are using any other user for inter-service communication, you can migrate to the privacera_service_discovery user by updating the Discovery configuration.
- If you are using the privacera_service_discovery user, you can skip this step.
- The privacera_service_discovery user is recommended for secure communication between Discovery and Portal services.
- The privacera_service_discovery user is pre-configured with the required permissions for inter-service communication and is available on Privacera Portal by default.
- Add the DISCOVERY_PORTAL_SERVICE_USERNAME property to the respective cloud configuration file.
- For more information, refer to the Discovery Configuration section.
Step 2: Generate Custom Credentials
- Log in to Privacera:
- For Self-Managed, log in to the Privacera Portal.
- For Data Plane, log in to the Privacera Discovery Admin Console.
- Ensure that the logged-in user holds the ROLE_SYS_ADMIN role to access the User Management section.
Note
For more information, refer to User Management.
- Navigate to Settings > User Management.
- Select privacera_service_discovery user and click Edit.
- Click on Edit and add Old Password.
- To fetch the old password, run the following command:
- Update the Old Password with the password fetched in the previous step.
Note
If keystore is enabled, the property carries the jceks: prefix, for example jceks:discovery.portal.service.password. The password is stored in the keystore file. To fetch the password, run the following command:
keystore-password - Replace with the keystore password.
For more information, refer to Keystore Configuration.
- Enter the new password in the New Password and Confirm Password fields.
- Click Save to update the password.
Step 3: Update Discovery Configuration
- SSH into the instance where Privacera Manager is installed.
- Navigate to the privacera-manager directory using the following command:
- Add the following property to the file below:
Note
To prevent storing the password in plain text, you can enable Vault integration. For more information, refer to Vault Integration.
Restart Privacera Services