diff --git a/assemblies/assembly-managing-and-monitoring-business-processes.adoc b/assemblies/assembly-managing-and-monitoring-business-processes.adoc index faeb4d452c..251918e649 100644 --- a/assemblies/assembly-managing-and-monitoring-business-processes.adoc +++ b/assemblies/assembly-managing-and-monitoring-business-processes.adoc @@ -73,6 +73,7 @@ include::{jbpm-dir}/CoreEngine/error-list-cleanup-proc.adoc[leveloffset=+2] include::{enterprise-dir}/processes/process-instance-migration-con.adoc[leveloffset=+1] include::{enterprise-dir}/processes/process-instance-migration-installing-service-proc.adoc[leveloffset=+2] +include::{enterprise-dir}/processes/using-keystore-vault-proc.adoc[leveloffset=+2] include::{enterprise-dir}/processes/process-instance-migration-creating-plan-proc.adoc[leveloffset=+2] include::{enterprise-dir}/processes/process-instance-migration-editing-plan-proc.adoc[leveloffset=+2] include::{enterprise-dir}/processes/process-instance-migration-exporting-plan-proc.adoc[leveloffset=+2] diff --git a/doc-content/enterprise-only/processes/process-instance-migration-con.adoc b/doc-content/enterprise-only/processes/process-instance-migration-con.adoc index 6607c08765..22cf0147f5 100644 --- a/doc-content/enterprise-only/processes/process-instance-migration-con.adoc +++ b/doc-content/enterprise-only/processes/process-instance-migration-con.adoc @@ -3,4 +3,4 @@ Process instance migration (PIM) is a standalone service containing a user interface and a back-end. It is packaged as a Quarkus mutable JAR file. You can use the PIM service to define the migration between two different process definitions, known as a migration plan. The user can then apply the migration plan to the running process instance in a specific {KIE_SERVER}. -For more information about the PIM service, see https://github.com/kiegroup/droolsjbpm-integration/tree/master/process-migration-service[Process Instance Migration Service] in https://github.com/kiegroup[_KIE (Drools, OptaPlanner and jBPM )_]. +For more information about the PIM service, see the README file in https://github.com/kiegroup/process-migration-service[Process Instance Migration Service] in https://github.com/kiegroup[_KIE (Drools, OptaPlanner and jBPM )_]. diff --git a/doc-content/enterprise-only/processes/using-keystore-vault-proc.adoc b/doc-content/enterprise-only/processes/using-keystore-vault-proc.adoc new file mode 100644 index 0000000000..4dbab60211 --- /dev/null +++ b/doc-content/enterprise-only/processes/using-keystore-vault-proc.adoc @@ -0,0 +1,59 @@ +[id='using-keystore-vault-proc-{context}'] += Using Keystore Vault + +You can use the Quarkiverse File Vault extension to store credentials as keystore files and use the `file` method to use the keystore files with the Process Instance Migration (PIM) Keystore Vault. For more information about the Quarkiverse File Vault extension, see https://github.com/quarkiverse/quarkus-file-vault[Quarkiverse File Vault]. For more information about using the KeyStore Vault, see https://github.com/kiegroup/process-migration-service#using-keystore-vault[Using Keystore Vault] on GitHub. For more information about credentials provision, see the https://quarkus.io/guides/credentials-provider[Credentials Provider] section on GitHub. ++ +[NOTE] +==== +You can only use database and {KIE_SERVER} related credentials for PIM configurations. +==== + +.Procedure + +. To add passwords to anew or existing keystore file for the PIM Keystore Vault, use the `keytool` command. For example: ++ +[source] +---- +$ keytool -importpass -alias pimdb -keystore pimvault.p12 -storepass password -storetype PKCS12 +$ keytool -importpass -alias kieserver -keystore pimvault.p12 -storepass password -storetype PKCS12 +$ keytool -importpass -alias cert -keystore pimvault.p12 -storepass password -storetype PKCS12 +$ keytool -importpass -alias keystore -keystore pimvault.p12 -storepass password -storetype PKCS12 +$ keytool -importpass -alias truststore -keystore pimvault.p12 -storepass password -storetype PKCS12 +---- +. Configure the PIM Keystore Vault to use the keystore file. For example: ++ +[source, yaml] +---- +quarkus: + file: + vault: + provider: + pim: + path: pimvault.p12 + secret: ${vault.storepassword} # This will be provided as a property +---- +. Configure your application to use the credentials from the vault. For example: ++ +[source, yaml] +---- +quarkus: + datasource: + credentials-provider: quarkus.file.vault.provider.pim.pimdb +kieservers: + - host: http://localhost:18080/kie-server/services/rest/server + credentials-provider: quarkus.file.vault.provider.pim.kieserver +---- +. To start PIM with the configured credentials, specify the credentials as an environment variable or as a system property. For example: +** As an environment variable: ++ +[source] +---- +VAULT_STOREPASSWORD=mysecret java -jar quarkus-app/quarkus-run.jar +---- + +** As a system property: ++ +[source] +---- +java -Dvault.storepassword=password -jar quarkus-app/quarkus-run.jar +----