• Technical documentation
• User documentation
• Trust Center
• Contact us

Guide for using the installation wizard in Convier

Contents of this page

Installation wizard with secret store (from 0.2511.1)

By default, Convier reads config like OIDC client ID and secret from environment variables, but configuration may also be fetched from a secrets store if running in a supported environment (e.g. App Service).

Setup

Azure Key Vault

To fetch config directly from a key vault in Azure when running as an App Service, do the following:

• Create a new key vault
• Enable System assigned managed identity on the App Service
• Assign app service role Key Vault Secrets Officer
• In the app service, set environment variable AZURE_KEY_VAULT_NAME
  • AZURE_KEY_VAULT_URL if not a standard URL
• After install, consider adjusting app service role to Key Vault Secrets User

Google Secrets Manager

• Create new project
• Assign Cloud Run or equivalent permissions to read and write secrets on the project
• Set deployment, set envirnoment variable GOOGLE_SECRET_MANAGER_PROJECT_ID=<your project id>

Install

• Set environment variable INSTALLATION_MODE=true or create secret (INSTALLATION-MODE=true).
• Set environment variable INSTALLATION_PASSWORD
• Follow installation wizard, or create relevant secrets. If manual, note that underscores in environment variable names mentioned in the documentation must be replaced by dashes (e.g. JDBC_CONNECTION_STRING -> JDBC-CONNECTION-STRING)
• Set environment variable INSTALLATION_WIZARD=false and restart service