From e8fe64ff121188837d7e703b990f83cda45a6291 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jarhanco@cisco.com>
Date: Thu, 15 Jul 2021 11:34:53 -0500
Subject: [PATCH] add db-password to enforcer external-database block

---
 samples/ra-vpn/redirector-lb/ravpn-enforcer-config.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/samples/ra-vpn/redirector-lb/ravpn-enforcer-config.yaml b/samples/ra-vpn/redirector-lb/ravpn-enforcer-config.yaml
index 20f6f8e..5a9938e 100644
--- a/samples/ra-vpn/redirector-lb/ravpn-enforcer-config.yaml
+++ b/samples/ra-vpn/redirector-lb/ravpn-enforcer-config.yaml
@@ -19,6 +19,7 @@ spec:
     - "mypkcs"
     - "redisca"
     - "userinfo"
+    - "sfcn-redis"
   cliLines: |
     interface Management0/0
      no management-only
@@ -78,6 +79,9 @@ spec:
     external-database
      host <your_redis_ip>
      port 6379
+      # this should match the token used for elasticache creation (EnforcerCacheAuthToken). If you omitted that field, then
+      # you should also omit the `db-password` line below.
+      db-password {{ index .secrets "sfcn-redis" "token" }}
      enable
     vpn load-balancing
      external-database