Step 1: Generate shared secrets

This guide uses a model based on shared secrets as the method to create and verify tokens. The goal is to store the shared secrets in a secure Kubernetes Secret object to then provide to Portworx.

1. Generate secure secrets and save the values in environment variables:

   PORTWORX_AUTH_SYSTEM_KEY=$(cat /dev/urandom | base64 | fold -w 64 | head -n 1) \
   PORTWORX_AUTH_SYSTEM_APPS_KEY=$(cat /dev/urandom | base64 | fold -w 64 | head -n 1) \
   PORTWORX_AUTH_SHARED_SECRET=$(cat /dev/urandom | base64 | fold -w 64 | head -n 1)

2. Store these shared secrets securely in a Kubernetes secret called pxkeys in the kube-system namespace:

   kubectl -n kube-system create secret generic pxkeys \
       --from-literal=system-secret=$PORTWORX_AUTH_SYSTEM_KEY \
       --from-literal=stork-secret=$PORTWORX_AUTH_SYSTEM_APPS_KEY \
       --from-literal=shared-secret=$PORTWORX_AUTH_SHARED_SECRET

3. Verify that the secret stored is correct by comparing $PORTWORX_AUTH_SHARED_SECRET with the value returned below:

   kubectl -n kube-system get secret pxkeys -o json | jq -r '.data."shared-secret"' | base64 -d

Once you’ve completed the steps in this section, continue to the Enable security in Portworx section.