If you want to configure your policy deployment packages to be signed upon publication to a store, see Example: Configure signed deployment packages for healthcare.

To use the Deployment Manager feature, you must configure the Policy Editor to publish policies to a deployment package store in the options file’s deploymentPackageStores section.

For more information, see Using the Deployment Manager.

  1. Make a copy of the default options file.
    $ cp config/options.yml my-options.yml
  2. To define a deployment package store or stores for the Policy Editor to publish policies to, edit the deploymentPackageStores section of the new options file.

    The file contains commented out examples of different deployment package store types.

    1. Duplicate the desired deployment package store type, uncomment, and modify its values according to your deployment.
    Important:
    • The use of indentation in the options.yml file is important. When removing comment hashes, ensure that you retain valid YAML file indentation structure.
    • For an Azure deployment package store, record the prefix you define for the deployment package store. You will need the prefix for PingAuthorize Server configuration.
    • For an Amazon Web Services (AWS) deployment package store, review your existing Simple Storage Service (S3) bucket configurations on the S3 dashboard of AWS Management Console.
    • Each deployment package store has its own signing key configuration under deploymentPackageStores. See the Signed filesystem store block for an example. The signing key configuration under deploymentPackageData applies only to exported deployment packages—not deployment package stores.
    deploymentPackageStores:
      # Define deployment package store publishing targets here.
      #
      # - name: Filesystem store
      #   description: File system directory store
      #   type: filesystem
      #   path: /path/to/deployment-package-store/
      # - name: Signed filesystem store
      #   description: Signed file system directory store
      #   type: filesystem
      #   path: /path/to/signed-deployment-package-store/
      #   securityLevel: signed
      #   keystore:
      #     resource: /path/to/deployment-package-signing-keystore.jks
      #     password: keystore-password
      #   signingKey:
      #     alias: signing-cert-alias
      #     password: private-key-password
      # - name: S3 bucket store
      #   description: AWS S3 bucket store
      #   type: s3bucket
      #   securityLevel: unsigned or signed
      #   keystore:
      #     resource: /path/to/deployment-package-signing-keystore.jks
      #     password: keystore-password
      #   signingKey:
      #     alias: signing-cert-alias
      #     password: private-key-password
      #   config:
      #     bucket: store-bucket-name
      #     prefix: store-prefix
      #     endpoint: https://s3-bucket-endpoint.aws-region.amazonaws.com
      #     region: aws-s3-bucket-region
      #     accessKey: aws-access-key
      #     secretKey: aws-secret-key
      #  Other deployment package store types omitted for brevity...
  3. Stop the Policy Editor.
    $ bin/stop-server
  4. Run setup using the --optionsFile argument.
    $ bin/setup demo \
      --adminUsername admin \
      --generateSelfSignedCertificate \
      --decisionPointSharedSecret pingauthorize \
      --hostname  <pap-hostname> \
      --port  <pap-port> \
      --adminPort  <admin-port> \
      --licenseKeyFile  <path-to-license> \
      --optionsFile my-options.yml
  5. Start the Policy Editor.
    $ bin/start-server
  6. To verify that your deployment package store or stores are available in the Policy Editor, go to Branch Manager > Deployment Manager.