.. _before-you-start:

Before You Start
================================================================================

This guide assumes you have an Azure account with an active Azure subscription.

.. _credentials:

Credentials involved
--------------------------------------------------------------------------------

The inoQulate solution requires several passwords and secrets, all of which are
**automatically generated** for you. Each password or secret is a string of 30
random alphanumeric characters, stored as a Kubernetes Secret in your AKS
cluster.

To see the actual value of a password or secret, run the command from the
**Read Value Command** column against your cluster. See
:ref:`connect-to-cluster`.

The following table summarizes all generated passwords and secrets.

.. list-table:: Passwords and Secrets
   :widths: auto
   :header-rows: 1

   * - Credentials
     - Purpose
     - Read Value Command
   * - Password for Database Admin ``postgres``
     - Access the PostgreSQL database as an admin. This database stores the
       configuration of EJBCA and Signserver.
     - .. code-block:: shell

          kubectl get secret db-admin-creds \
            -o jsonpath='{.data.password}' \
            | base64 --decode
   * - Database Password for EJBCA
     - For the EJBCA application to access the database. EJBCA accesses the
       database ``ejbca`` as the user ``ejbca``.
     - .. code-block:: shell

          kubectl get secret ejbca-creds \
            -o jsonpath='{.data.dbpassword}' \
            | base64 --decode
   * - Database Username for Signserver
     - For the Signserver application to access the database. Signserver
       accesses the database ``signserver`` as the user ``signserver``.
     - .. code-block:: shell

          kubectl get secret signserver-creds \
            -o jsonpath='{.data.dbpassword}' \
            | base64 --decode
   * - Trust Store Password
     - For the Java Truststore of the service runner to store TLS certificates
       of Signserver.
     - .. code-block:: shell

          kubectl get secret servicerunner-truststore-creds \
            -o jsonpath='{.data.password}' \
            | base64 --decode

       .. _client-cert-password:

   * - Client Cert Password
     - The password for the Client Certificate (``.p12`` file) to access the
       EJBCA and Signserver admin pages.
     - .. code-block:: shell

          kubectl get secret superadmin-creds \
            -o jsonpath='{.data.password}' \
            | base64 --decode
   * - Signserver TLS Keystore Password
     - The password to the Java Keystore holding the TLS Certificate for the
       Signserver.
     - .. code-block:: shell

          kubectl get secret signserver-creds \
            -o jsonpath='{.data.tlspassword}' \
            | base64 --decode
   * - EJBCA SoftHSM SO PIN
     - The PIN to access the management functions of the SoftHSM installed in
       the EJBCA application.
     - .. code-block:: shell

          kubectl get secret ejbca-creds \
            -o jsonpath='{.data.softhsmsopin}' \
            | base64 --decode
   * - EJBCA User PIN
     - The PIN to use the cryptographic keys of the SoftHSM installed in the
       EJBCA application.
     - .. code-block:: shell

          kubectl get secret ejbca-creds \
            -o jsonpath='{.data.softhsmuserpin}' \
            | base64 --decode
   * - Signserver SO PIN
     - The PIN to access the management functions of the SoftHSM installed in
       the Signserver application.
     - .. code-block:: shell

          kubectl get secret signserver-creds \
            -o jsonpath='{.data.softhsmsopin}' \
            | base64 --decode
   * - Signserver User PIN
     - The PIN to use the cryptographic keys of the SoftHSM installed in the
       Signserver application.
     - .. code-block:: shell

          kubectl get secret signserver-creds \
            -o jsonpath='{.data.softhsmuserpin}' \
            | base64 --decode
   * - Signserver Entity Password
     - The password used to register Signserver as an application under the
       new CA.
     - .. code-block:: shell

          kubectl get secret signserver-creds \
            -o jsonpath='{.data.entitypassword}' \
            | base64 --decode

Register Resource Providers
--------------------------------------------------------------------------------

Deploying our inoQulate solution requires the following Azure resource
providers:

- ``Microsoft.ContainerService``
- ``Microsoft.OperationsManagement``

Please register the above providers before subscribing to our inoQulate
solution.

#. In the Azure portal, enter ``Subscriptions`` in the search box. Select
   **Subscriptions**.
#. Click the subscription you intend to deploy the solution in.
#. In the left sidebar, under the **Settings** section, click
   **Resource providers**.
#. For each of the above providers, if it is not registered, click
   **Register** at the top.
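
The script below is an added example, not part of the inoQulate documentation or product. It covers the generated credentials listed under :ref:`credentials`: it reads each Secret key from the table and checks that the value still has the documented format (30 alphanumeric characters), printing only a status per key so that no secret value reaches the terminal or shell history. The function names and the ``--run`` argument are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not inoQulate's own tooling).
# Secret name and data key pairs, copied from the credentials table.
SECRET_KEYS="
db-admin-creds:password
ejbca-creds:dbpassword
ejbca-creds:softhsmsopin
ejbca-creds:softhsmuserpin
signserver-creds:dbpassword
signserver-creds:tlspassword
signserver-creds:softhsmsopin
signserver-creds:softhsmuserpin
signserver-creds:entitypassword
servicerunner-truststore-creds:password
superadmin-creds:password
"

# Succeed only if $1 is exactly 30 ASCII alphanumeric characters.
is_generated_format() {
  [ "${#1}" -eq 30 ] || return 1
  [ -z "$(printf '%s' "$1" | LC_ALL=C tr -d 'A-Za-z0-9')" ]
}

# Check one secret key; print a status line, never the value itself.
# Returns 0 = documented format, 1 = different format, 2 = missing or unreadable.
audit_secret() {
  local name="$1" key="$2" value
  value=$(kubectl get secret "$name" -o jsonpath="{.data.$key}" | base64 --decode)
  if [ -z "$value" ]; then
    echo "MISSING $name/$key"; return 2
  elif is_generated_format "$value"; then
    echo "OK $name/$key"; return 0
  fi
  echo "UNEXPECTED-FORMAT $name/$key"; return 1
}

# Check every credential from the table; non-zero if any check fails.
audit_all() {
  local entry failed=0
  for entry in $SECRET_KEYS; do
    audit_secret "${entry%%:*}" "${entry#*:}" || failed=1
  done
  return "$failed"
}

# Query the current kubectl context only when explicitly asked to.
if [ "${1:-}" = "--run" ]; then audit_all; fi
```

Run it with ``--run`` after connecting to the cluster (see :ref:`connect-to-cluster`); a non-zero exit status means at least one key is missing or no longer matches the generated format.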