Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 4. Provisioning your custom Red Hat Developer Hub configuration

To configure Red Hat Developer Hub, provision your custom Red Hat Developer Hub config maps and secrets to {platform-long} before running Red Hat Developer Hub.

Tip

On Red Hat OpenShift Container Platform, you can skip this step to run Developer Hub with the default config map and secret. Your changes on this configuration might get reverted on Developer Hub restart.

Prerequisites

  • By using the {platform-cli-link}, you have access, with developer permissions, to the OpenShift cluster aimed at containing your Developer Hub instance.
  • You have the connection string to an active Redis server, such as rediss://user:pass@cache.example.com:6379. For security, consider using a rediss secure server connection. See Chapter 3, Preparing your external services.

  • You have an external PostgreSQL database, with the following details. See See Chapter 3, Preparing your external services.

    postgres-host
    Your PostgreSQL instance Domain Name System (DNS) or IP address.
    postgres-port
    Your PostgreSQL instance port number, such as 5432.
    postres-username
    The user name to connect to your PostgreSQL instance.
    postgres-password
    The password to connect to your PostgreSQL instance.
    postgres-ca.pem, postgres-key.key, postgres-crt.pem
    TLS certificates to secure the connection to the database.

  • You have a GitHub App enabling access to the GitHub API for repository discovery, with the following details. See Chapter 3, Preparing your external services.

    GITHUB_INTEGRATION_APP_ID
    Your GitHub integration App ID.
    GITHUB_INTEGRATION_CLIENT_ID
    Your GitHub integration App client ID.
    GITHUB_INTEGRATION_CLIENT_SECRET
    Your GitHub integration App client secret.
    GITHUB_INTEGRATION_PRIVATE_KEY_FILE
    Your GitHub integration App private key.

Procedure

  1. For security, store your secrets as environment variables values in an OpenShift Container Platform secret, rather than in clear text in your configuration files. Collect all your secrets in the secrets.txt file, with one secret per line in KEY=value form.

    1. Enter your custom logo. 

      BASE64_EMBEDDED_FULL_LOGO="data:image/svg+xml;base64,<base64_full_logo_data>"
BASE64_EMBEDDED_ICON_LOGO="data:image/svg+xml;base64,<base64_icon_logo_data>"
      BASE64_EMBEDDED_FULL_LOGO

      Enter your logo for the expanded (pinned) sidebar as a base64 encoded SVG image.

      To encode your logo in base64, run: 

      $ base64 -i logo.svg
      BASE64_EMBEDDED_ICON_LOGO
      Enter your logo for the collapsed (unpinned) sidebar as a base64 encoded SVG image.

    2. Enter the connection string to your Redis server that caches plugin assets. 

      REDIS_CONNECTION=rediss://user:pass@cache.example.com:6379

    3. Enter your GitHub integration credentials: 

      GITHUB_INTEGRATION_APP_ID=_<Enter_the_saved_App_ID>
GITHUB_INTEGRATION_CLIENT_ID=<Enter_the_saved_Client_ID>
GITHUB_INTEGRATION_CLIENT_SECRET=<Enter_the_saved_Client_Secret>
GITHUB_INTEGRATION_HOST_DOMAIN=github.com
GITHUB_INTEGRATION_ORGANIZATION=<Enter_your_github_organization_name>
GITHUB_INTEGRATION_PRIVATE_KEY_FILE= <Enter_the_saved_Private_key>

    4. Enter your PosgreSQL database secrets: 

      POSTGRES_PASSWORD: <postgres-password>
POSTGRES_PORT: "<postgres-port>"
POSTGRES_USER: <postgres-username>
POSTGRES_HOST: <postgres-host>
PGSSLMODE: verify-full
NODE_EXTRA_CA_CERTS: /opt/app-root/src/postgres-crt.pem
    5. Enter your authentication secrets.

  2. Author your custom app-config.yaml file. This is the main Developer Hub configuration file. You need a custom app-config.yaml file to avoid the Developer Hub installer to revert user edits during upgrades. When your custom app-config.yaml file is empty, Developer Hub is using default values.

    1. For a production environment, start with the following setup:

      app-config.yaml

      app:
  title: <Red Hat Developer Hub>
  branding:
    fullLogo: ${BASE64_EMBEDDED_FULL_LOGO}
    fullLogoWidth: 110px
    iconLogo: ${BASE64_EMBEDDED_ICON_LOGO}
backend:
  cache:
    store: redis
    connection: ${REDIS_CONNECTION}
techdocs:
  cache:
    ttl: 3600000
catalog:
  providers:
    <enter_your_provider_configuration>
integrations:
    <enter_your_integrations_configuration>
permission:
  enabled: true
  rbac:
    admin:
      users:
        - name: user:default/<your_policy_administrator_name>
    pluginsWithPermission:
      - catalog
      - scaffolder
      - permission

      Most fields use environment variables that you defined in secrets in the previous step.

      app
      title
      Enter your Developer Hub instance display name, such as <Red Hat Developer Hub>.
      branding

      Set your custom logo.

      Optionally, customize the width of the branding logo by changing value for the fullLogoWidth field. The following units are supported: integer, px, em, rem, percentage.

      backend
      cache
      Enable the plugins assets cache.
      techdocs
      cache
      Enable the Techdocs cache.
      catalog
      provider
      Enter your catalog provider configuration.
      integrations
      Enter your repository discovery configuration.
      permissions
      Enable Role-based access control. Enter your policy administrator name.
    2. Additionally, provision users and enable authentication with your external identity provider.

  3. Author your custom dynamic-plugins.yaml file to enable plugins. By default, Developer Hub enables a minimal plugin set, and disables plugins that require configuration or secrets, such as the GitHub repository discovery plugin and the Role-based access control (RBAC) plugin.

    Enable the GitHub repository discovery and the RBAC features:

    dynamic.plugins.yaml

    includes:
  - dynamic-plugins.default.yaml
plugins:
  - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github
    disabled: false
  - package: ./dynamic-plugins/dist/backstage-community-plugin-rbac
    disabled: false

  4. Provision your custom configuration files to your {platform} cluster.

    1. Create the <my-rhdh-project> {namespace} aimed at containing your Developer Hub instance. 

      $ oc create namespace my-rhdh-project

    2. Provision your app-config.yaml and dynamic-plugins.yaml files respectively to the my-rhdh-app-config, and dynamic-plugins-rhdh config maps in the <my-rhdh-project> project. 

      $ oc create configmap my-rhdh-app-config --from-file=app-config.yaml --namespace=my-rhdh-project
$ oc create configmap dynamic-plugins-rhdh --from-file=dynamic-plugins.yaml --namespace=my-rhdh-project

      Alternatively, create the config maps by using the web console.

    3. Provision your secrets.txt file to the my-rhdh-secrets secret in the <my-rhdh-project> project. 

      $ oc create secret generic my-rhdh-secrets --from-file=secrets.txt --namespace=my-rhdh-project

      Alternatively, create the secret by using the web console.

    4. Provision your PosgreSQL TLS certificates to the my-rhdh-database-secrets secret in the <my-rhdh-project> project. 

      $ oc create secret generic my-rhdh-secrets --from-file=postgres-ca.pem --from-file=postgres-crt.pem --from-file=postgres-key.key --namespace=my-rhdh-project
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top