Digital Developer Conference: Cloud Security 2021 – Build the skills to secure your cloud and data Register free

Connect databases to your app easily and securely with OpenShift secrets

Applications today are built in many different source codes and in many components. Therefore, the concept of microservices is important: You build your application in different small pieces (containers) and use some orchestration tool that can orchestrate your processes simply and ensure that all tasks happen in the proper order.

Connecting databases to your application or website can be a real pain, especially with changing environments. It would be so much easier if you had a seemless switch between different databases and work environments like development, test, and deploying. You need an easy, yet secure way to do that, and with OpenShift secrets, you can create a connection to your database in seconds while ensuring the privacy of your credentials.

Red Hat OpenShift has emerged as a leading hybrid cloud, enterprise Kubernetes application platform that can help with containerizing, deploying, and monitoring your application. It delivers a cloud-like experience as a self-managing platform with automatic software updates and lifecycle management across hybrid cloud environments.

This tutorial shows how easy it is to deploy an app and connect it securely to a database elsewhere using OpenShift secrets to ensure credentials are encrypted yet accessible to our application. OpenShift automatically detects your framework and containerizes, deploys, and manages your application in a span of minutes. You learn how to deploy a Flask app to OpenShift and use a secret to connect to a Db2 database.


In order to follow this tutorial you should have the following environment:

  • An active IBM Cloud account. If you don’t have one, create an account on IBM Cloud.
  • A provisioned OpenShift 4.2 cluster. You can provision yours here.
  • The OpenShift command-line interface (CLI). Download it here.

Estimated time

This tutorial should take about 45 minutes to complete.


  1. Create a Db2 database on IBM Cloud

    • Click Catalog and choose services from the left navigation.
    • Select the database checkbox and select Db2.
    • Create a lite plan instance of the Db2 database, change the location, and name if you want.
    • Click Create

      Create Db2

  2. Create credentials for your Db2 database.

    • Click Service credentials and New credentials.
    • Expand your created credentials and make note of the database URI.

      Db2 credentials

    • Optional: Open the console to track changes in the database.

  3. Create an OpenShift project.

    • From the terminal, log in to your OpenShift Client (oc) cluster and create a new project:

      oc new-project flask-db-project
    • Or, from the OpenShift Client web console, switch to developer mode for a developer-oriented view, and create a project:

      Create OpenShift project

  4. Create an OpenShift secret.

    • From a terminal, create a secret to store, and encrypt your database credentials to access it later using environment variables. Make sure the secret name and key are dbcred, because the application accesses the envirnment variables by the key name.

      oc create secret generic dbcred --from-literal=dbcred="your db2 ssldsn value"

      For example, you type oc create secret generic dbced --from-literal=dbcre="DATABASE=*;HOSTNAME=*;PORT=50001;PROTOCOL=TCPIP;UID=*;PWD=*;"

    • Or, from the web console, go to search under advanced, and filter services for secrets. Then you create a key value secret:

      Create an OpenShift secret

  5. Deploy the Flask app and connect it to the Db2 database.

    • Create an app by clicking Add and then selecting From Catalog.

      Deploy the Flask app

    • Select Languages and then click Python. Choose a Python app, and then click Create application.

      Selecting a Python app

    • Add the GitHub repo URL in its field, click Show Advanced Option, and then add /flask-app in the Context Dir field. Choose a name for your app and click Deployment Configuration.

      Adding a GitHub repo

    • Under Deployment Configuration, click Add from config map or secret and add the values of your secret.

    • Add dbcred to name and choose dbcred resource and dbcred key.
    • Remove the empty Environment Variable and click Create.

      Remove the empty Environment Variable

  6. Monitor the build and deployment process.

    • You can monitor the build process and the deployment process until they are complete.
    • Also notice the app route, which is a URL:

      App route URL

  7. Verify the app works and connects to Db2 database.

    Optional: Remember to open the Db2 console to watch changes if you want. please note that Db2 lite plan gives you one schema where you can create table and it has the same name as your user in the service credentials so watch changes there

    Wait for the app to be completely deployed then try it by pressing on the Application URL in the routes section.

    The app has four URLs:

    • The main URL: the APP exposed route It shows that the app is online and also creates a table named values in the Db2 database.

    • The insert name URL: the APP exposed route/insertname This URL inserts a name in the table you created on the Db2 database.

      Example app URL

    • The table content URl: the APP exposed route/db2
      This URL shows the data in the values table.

    • Delete table URl: the APP exposed route/deletetable
      This URL deletes the values table from the Db2 database.

      Example app URL


In this tutorial, you saw how easy it is to deploy an application and connect it to a Db2 database on IBM Cloud in a matter of minutes. OpenShift identified, containerized, built, and deployed your application for you.

You now know how you can build applications with different source codes and connect them to other services securely. You don’t need to fear sensitive data will be exposed (the Db2 credentials in this example), all thanks to OpenShift secrets.

Learn more about Red Hat OpenShift on the OpenShift Learning Portal or try it at Get Started with OpenShift. To learn more about OpenShift on IBM Cloud, see the Red Hat OpenShift on IBM Cloud page on IBM Developer.