forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path_credhub-gcp-manual.html.md.erb
19 lines (19 loc) · 2.12 KB
/
_credhub-gcp-manual.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
1. Select **Credhub**.
1. Choose the location of your CredHub Database. PAS includes this CredHub database for services to store their service instance credentials.
1. If you chose **External**, enter the following:
* **Hostname**: The IP address of the Google Cloud SQL instance that you created in [Step 6: Create Database Instance and Databases](./gcp-prepare-env.html#dbs) of the _Preparing to Deploy PCF on GCP_ topic. You can obtain this address from the Instances dashboard of the **SQL** configuration page in the GCP Console.
* **TCP Port**: The port of your database server, `3306`.
* **Username**: The username that can access this specific database on the database server. You created users in [Preparing to Deploy PCF on GCP](./gcp-prepare-env.html#dbs).
* **Password**: The password for the provided username.
* **Database CA Certificate**: Enter a certificate to use for encrypting traffic to and from the database.
1. Under **Encryption Keys**, specify a key to use for encrypting and decrypting the values stored in the CredHub database.
* **Name**: Enter the name of the key.
* **Key**: Enter a key that is at least 20 characters in length.
* **Primary**: Select this checkbox to use this key as your primary key.
<p class="note"><strong>Note</strong>: Ensure that you only mark one key as <b>Primary</b>. The UI includes an <b>Add</b> button to add more keys to support key rotation. For more information, see the [Rotating Runtime CredHub Encryption Keys](../opsguide/credential-rotation.html) topic.
</p>
1. If your deployment uses any PCF services that support storing service instance credentials in CredHub and you want to enable this feature, select the **Secure Service Instance Credentials** checkbox.
1. Select the **Resource Config** pane.
1. Under the **Job** column of the **CredHub** row, set the number of instances to `2`. This is the minimum instance count required for high availability.
1. To use the runtime CredHub feature, follow the additional steps in <a href="../opsguide/secure-si-creds.html#pas-config">Securing Service Instance Credentials with Runtime CredHub</a>.</p>