Enabling AI Factory v1.3

Suggest edits

Before you can use GenAI Builder in Hybrid Manager, you need to enable AI Factory. This involves two main steps:

  1. Setting up a Fernet key for encryption (if not already created).
  2. Connecting GenAI Builder to an S3-compatible bucket for its datalake.

1. Generate a Fernet key (if not already created)

AI Factory uses a Fernet key to encrypt sensitive data. If you ran one of the -install-secrets.sh scripts during Hybrid Manager setup, you may already have this key.

If not, generate it manually with the following commands (requires kubectl configured for your HM cluster):

FERNET_KEY=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64)

kubectl create namespace upm-griptape

kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: fernet-secret
  namespace: upm-griptape
stringData:
  FERNET_KEY: ${FERNET_KEY}
EOF

This creates a Kubernetes secret in the upm-griptape namespace for GenAI Builder to use.

2. Create an S3-compatible bucket

GenAI Builder requires an S3 bucket (the datalake) to store structures, tools, and indexed data.

Gather the following information from your bucket provider:

FieldExample
Bucket namemycompany-genai-datalake
Access keyAWS access key ID or equivalent
Secret access keyAWS secret access key or equivalent
URLhttps://s3.us-west-2.amazonaws.com/
Regionus-west-2

Note: The bucket name must be globally unique if using AWS.

Optional: CORS configuration

If you plan to use the GenAI Builder web UI, configure CORS rules on the bucket so the UI can access it. For AWS S3, a typical configuration is:

[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["PUT", "POST", "DELETE", "GET", "HEAD"],
    "AllowedOrigins": ["https://${PORTAL_DOMAIN_NAME}"],
    "ExposeHeaders": []
  }
]

Replace ${PORTAL_DOMAIN_NAME} with your HM portal domain.

Google Cloud Storage (GCS)

GCS can be used via its S3 interoperability layer:

  1. Enable S3 interoperability in GCS settings.
  2. Create or update a service account with roles:
  • Storage Admin
  • Service Account Token Creator
  1. Generate an HMAC key pair.
  2. Configure bucket CORS (save as cors.json):
[
  {
    "origin": ["https://<portal-url>"],
    "method": ["GET", "PUT", "POST", "DELETE", "HEAD"],
    "responseHeader": ["*"],
    "maxAgeSeconds": 3600
  }
]

Apply with:

gsutil cors set cors.json gs://<bucket-name>

3. Connect the bucket to GenAI Builder

Once your bucket is ready:

  1. In Hybrid Manager, open LaunchpadGenAI Builder.
  2. Log in with your administrator account
  • Default: owner@mycompany.com / password pgai_admin
  1. In the Administrator Console, open the AI Factory configuration form.
  2. Enter your bucket details:
FieldExample
S3 URLhttps://s3.us-west-2.amazonaws.com/
S3 Bucketmycompany-genai-datalake
S3 Access KeyAKIA…
S3 Secret KeywJalr…
S3 Regionus-west-2
  1. Click Submit.

4. Success: AI Factory enabled

Once saved:

  • GenAI Builder can store and retrieve content in your datalake.
  • You can now create Libraries, Knowledge Bases, and Assistants.
  • Configuration details (like the Fernet key and bucket settings) are handled for you inside Hybrid Manager.

AI Factory is now enabled and ready to use.

↑ Up

AI Factory in Hybrid Manager

Next →

Gen AI Builder on Hybrid Manager