Injected Configuration

The configuration that must be present for the TIBCO BPM Enterprise container to be started is injected into the pod using environment variables.

The following are the environment variables that are injected into the pod before container startup:

SSL Configurations

The following SSL Configuration environment variables are provided in the deployment samples that are included with the TIBCO BPM Enterprise installer.

Parameter Description
JDBC_SSL_CONFIG This is the SSL configuration for the JDBC connection. It is essentially a direct passthrough to the JDBC driver. A basic PostgreSQL example is:
ssl=true;sslmode=verify-full;sslrootcert=<full_path_to_ssl_root_certificate>

Since this is a passthrough to the driver, you can look at the PostgreSQL JDBC driver specification for more details.

Note that it's important that the <full_path_to_ssl_root_certificate> is the full path as seen from inside the container. Essentially, it involves getting the SSL certificate mounted into the container on a specific path, which is then used as <full_path_to_ssl_root_certificate>.

LDAP_<GROUP_NAME>_SSLCERT This is for LDAP SSL, where GROUP_NAME is the same as the other LDAP environment variable (see above). For example, if you have LDAP_SYSTEM_ALIAS defined for an LDAP Directory Connection, this would be LDAP_SYSTEM_SSLCERT. Its value is simply the full path to the certificate required to connect to the LDAP server, much like it is for JDBC. The difference here is that it is the only component of the value, so an example value is simply:

<full_path_to_ldap_ssl_certificate>

You would make this certificate available to the container the same way as you would for JDBC.