Integration
Hide about this portal


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Add a new idea Subscribe
Status Future consideration
Workspace App Connect
Created by Guest
Created on Nov 26, 2024

RELATED IDEAS

ACE integration runtime configuration object for ACE Vault

See this idea on ideas.ibm.com

Since a few years we have been running ACE on CP4I on Openshift.

We do not use the mqsisetdbparms object for ACE credentials since it slows down the ACE integration runtime/server startup (we have one big file per environment) and if the developer makes a mistake in one of the credentials, the pod startup fails, if there is a cluster restart (such as an Openshift upgrade) all ACE pods would fail which causes business downtime.

Therefore we are using the ACE integration runtime "generic" configuration object to mount the ACE Vault (with a simlink ofcourse) as a workaround: the mqsicredentials commands are run on a "unique ACE pod" using GNU Parallel to speed up the execution, the result of which is ACE Vault zipped and ready to be mounted onto an ACE integration runtime pod. We also have a webhook on the Openshift secret that holds the mqsicredentials commands so that when user updates the secret, the "unique ACE pod" would trigger a fresh addition of credentials into a pre-built Vault. It works very well and the pod startup is instant as the Vault is initialized on startup with the vault-key passed as an environment variable, but it would be the ideal solution if you'd offer this functionality as part of the ACE configuration object.

How it should work: The ACE credentials file consisting of all the mqsicredentials commands would be added to the ACE configuration object called "aceVault" which would construct an ACE vault and then execute the mqsicredentials commands and create an Openshift secret holding the ACE Vault file ready to be mounted onto the ACE integration runtime pods.

Official documentation: https://www.ibm.com/docs/en/app-connect/containers_cd?topic=resources-configuration-reference

Idea priority Medium
  • Admin
    Ben Thompson
    Reply
    |     Dec 4, 2024

    Thank you for taking the time to raise this idea. We find this an interesting topic and we are moving the suggestion to Future Consideration. Currently we note quite a variation in the way our users prefer to deal with credentials, so whilst this might help a subset of our users, we feel that the community is likely to be quite divided about this suggestion. In general, if revisiting the area of credentials we would likely also consider how to synchronize local vaults in line with 3rd party vault technology. One attractive aspect of the proposal is of course the positive impact on container start-time.

  • Guest
    Reply
    |     Nov 28, 2024

    Hi Abu, Thanks for raising this - passing it onto the App Connect team for appropriate review.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.