Auth Manager?
AuthManager consists of two entities:
- CryptoManager for encryption and signing
- SecretManager for secrets
Secret Manager
Its only function is to retrieve secrets.
There is out-of-the-box support for
- AWS KMS ${WS_SM1:}
- Azure KeyVault (AZURE_SM1:)
- Cyberark (CYBERARK_SM1:)
- System properties (SYS:)
External providers
See below a configuration example of how secrets can be retrieved from within any entity configuration (DataSource, DataFeed, DataSink) from any external provider: AWS KMS, Azure KeyVault or Cyberark.
Local system properties and secrets
- Local system properties and keys must be encrypted. There should be no raw passwords, keys or secrets copied in a local system file.
    <!-- This can be copied in the Git repository, e.g. /sysprops/SYSPROP_GITHUB.xml -->
    <apiroConf>
      <loadOrder>3</loadOrder>
      <envProperties>
        <envProperty>
          <!--<env>APIRO_PRE_DEMO</env> should match -> docker-compose.yaml APIRO_INSTANCEID: APIRO_PRE_DEMO-->
          <name>APIRO_GITHUB_PW</name>
          <value>asdfoiahjsdfoilkjsadh;asdf987798fdaailbdfubhaoksdfh</value>
          <encrypted>true</encrypted>
        </envProperty>
      </envProperties>
    </apiroConf>
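A repository check for the rule above, as an added example that is not part of Apiro: it parses a system-properties file using the element names shown on this page and lists every envProperty that carries a value without `<encrypted>true</encrypted>`. Treating a missing or non-true flag as plaintext is an assumption, and the EXAMPLE_* entries are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the encrypted property from this page plus two
# made-up entries (EXAMPLE_*) that are not marked as encrypted.
SAMPLE = """<apiroConf>
  <loadOrder>3</loadOrder>
  <envProperties>
    <envProperty>
      <name>APIRO_GITHUB_PW</name>
      <value>asdfoiahjsdfoilkjsadh;asdf987798fdaailbdfubhaoksdfh</value>
      <encrypted>true</encrypted>
    </envProperty>
    <envProperty>
      <name>EXAMPLE_DB_PW</name>
      <value>constructed-plaintext</value>
      <encrypted>false</encrypted>
    </envProperty>
    <envProperty>
      <name>EXAMPLE_API_KEY</name>
      <value>constructed-plaintext-2</value>
    </envProperty>
  </envProperties>
</apiroConf>"""


def unencrypted_properties(xml_text):
    """Return names of envProperty entries that have a value but are not flagged encrypted."""
    root = ET.fromstring(xml_text)
    findings = []
    for prop in root.iter("envProperty"):
        name = (prop.findtext("name") or "<unnamed>").strip()
        value = (prop.findtext("value") or "").strip()
        flag = (prop.findtext("encrypted") or "").strip().lower()
        # Assumption: anything other than an explicit "true" means plaintext.
        if value and flag != "true":
            findings.append(name)
    return findings


if __name__ == "__main__":
    import sys
    # Scan the files given on the command line, or the constructed sample if none.
    texts = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    bad = {src: unencrypted_properties(text) for src, text in texts.items()}
    for src, names in bad.items():
        for n in names:
            print(f"{src}: {n} is not marked encrypted")
    sys.exit(1 if any(bad.values()) else 0)
```

The check trusts the `<encrypted>` flag only; it cannot tell whether a value marked `true` is actually ciphertext, so new entries still need review.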
Encryption Manager
It can sign and encrypt but not get secrets.
You can use the Encryption Manager via the UI: go to Tools->Secret Manager and generate the encrypted secret as shown in the screenshot below.
Then copy the value into your properties files and push it to Git.
Note: every instance of Apiro uses a different seed, so you cannot share keys between environments.