Portworx Enterprise version 2.13 has reached end of life and end of extended maintenance. Refer to the release support policy doc here.
Upgrade to the latest version of Portworx Enterprise for continued support. Documentation for the latest version of Portworx Enterprise can be found here.

Step 1: Generate shared secrets


This guide uses shared secrets to create and verify tokens. The goal is to store the shared secrets in a secure Kubernetes Secret object that is then provided to Portworx.

  1. Generate secure secrets and save the values in environment variables:

    PORTWORX_AUTH_SYSTEM_KEY=$(cat /dev/urandom | base64 | fold -w 64 | head -n 1) \
    PORTWORX_AUTH_SYSTEM_APPS_KEY=$(cat /dev/urandom | base64 | fold -w 64 | head -n 1) \
    PORTWORX_AUTH_SHARED_SECRET=$(cat /dev/urandom | base64 | fold -w 64 | head -n 1)
  2. Store these shared secrets securely in a Kubernetes secret called pxkeys in the kube-system namespace:

    kubectl -n kube-system create secret generic pxkeys \
        --from-literal=system-secret="$PORTWORX_AUTH_SYSTEM_KEY" \
        --from-literal=stork-secret="$PORTWORX_AUTH_SYSTEM_APPS_KEY" \
        --from-literal=shared-secret="$PORTWORX_AUTH_SHARED_SECRET"
  3. Verify that the stored secret is correct by comparing $PORTWORX_AUTH_SHARED_SECRET with the value returned by the following command:

    kubectl -n kube-system get secret pxkeys -o json | jq -r '.data."shared-secret"' | base64 -d
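
The command in step 3 prints the shared secret to the terminal for a visual comparison. The script below is an added example, not part of the Portworx documentation: it compares all three keys of pxkeys with the variables from step 1 and prints only the key names. The function names are hypothetical, and it assumes GNU base64 and kubectl's `-o go-template` output.

```bash
#!/usr/bin/env bash
# Added example (function names are hypothetical, not Portworx tooling).

# Same generator as step 1, wrapped in a function.
gen_secret() {
  base64 < /dev/urandom | fold -w 64 | head -n 1
}

# A value from gen_secret is exactly 64 characters of the base64 alphabet.
is_well_formed() {
  [ "${#1}" -eq 64 ] || return 1
  case $1 in *[!A-Za-z0-9+/]*) return 1 ;; esac
}

# $1: base64 text as stored under .data in the Secret; $2: expected value.
# Succeeds only if $2 is non-empty and equals the decoded $1, so variables
# lost in a new shell cannot "match" a missing key.
stored_matches() {
  local decoded
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
  [ -n "$2" ] && [ "$decoded" = "$2" ]
}

# Fetch one key of pxkeys, still base64-encoded (needs cluster access).
fetch_key() {
  kubectl -n kube-system get secret pxkeys \
    -o "go-template={{index .data \"$1\"}}"
}

# $1: key name in pxkeys; $2: expected value. Prints the key name only.
check_key() {
  if stored_matches "$(fetch_key "$1")" "$2"; then
    echo "$1: match"
  else
    echo "$1: MISMATCH" >&2
    return 1
  fi
}

# Run in the same shell as steps 1 and 2, where the variables are still set.
verify_pxkeys() {
  local rc=0
  check_key system-secret "$PORTWORX_AUTH_SYSTEM_KEY"      || rc=1
  check_key stork-secret  "$PORTWORX_AUTH_SYSTEM_APPS_KEY" || rc=1
  check_key shared-secret "$PORTWORX_AUTH_SHARED_SECRET"   || rc=1
  return "$rc"
}
```

Call `verify_pxkeys` after step 2; a non-zero exit status means at least one stored key differs from its variable.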

Once you’ve completed the steps in this section, continue to the Enable security in Portworx section.



Last edited: Tuesday, May 16, 2023