

API7 Enterprise v3.2.16: Integrated Secret Providers


Source: dev.to

In API7 Enterprise, you may store a large amount of sensitive information, such as SSL certificates and private keys, the usernames and passwords of consumer authentication credentials, and the information certain plugins require to connect to external systems.

The concept of "Secret Providers" is introduced in API7 Enterprise v3.2.16. Now, we can easily add secret provider resources to integrate with third-party secret managers, such as HashiCorp Vault, AWS Secrets Manager, and GCP Secret Manager, and use variables in API7 to reference sensitive information that is stored externally. The reference format is as follows:

$secret://$manager/$id/$secret_name/$key

How to Use Secret Providers?

Adding a Secret Provider

In the Gateway Group menu, a new "Secret Provider" option is added. Click the button to access the secret provider list page. Then, click the "Add Secret Provider" button in the top right corner of the page.

[Figure: Add Secret Providers in API7 Enterprise]

In the pop-up window, fill in the basic information about the secret provider, and select the secret management service type, for example, HashiCorp Vault. Then provide the service access address and authentication token for your HashiCorp Vault configuration.

Viewing a Secret Provider

After creation, we can view the specific configuration details and the secret variable example on the secret provider details page.

[Figure: Secret Provider Details in API7 Enterprise]

The format of the secret variable is $secret://$manager/$id/$secret_name/$key, with the following meanings:

  • $secret: A fixed prefix, no replacement needed
  • $manager: The secret management service
  • $id: The ID of the secret provider resource
  • $secret_name: The name of the secret in the secret management service
  • $key: The key corresponding to the secret in the secret management service

For example, with a secret provider ID of my-provider and a secret management service type of HashiCorp Vault, if you want to reference a secret named my-secret with a key password, the corresponding secret variable would be:

$secret://vault/my-provider/my-secret/password

Currently, HashiCorp Vault is supported as a secret management service. AWS Secrets Manager and GCP Secret Manager will soon be available.

Referencing a Secret Variable

Once the secret provider is created, you can reference externally stored sensitive information in various resources in API7 Enterprise through variables. For example, when adding Basic Authentication credentials for a consumer, you can choose to store sensitive information, like passwords, in an external secret management service and reference it in API7 Enterprise, thus enhancing security.

[Figure: Reference Secret Providers in API7 Enterprise]

Similarly, when working with non-form pages, like the plugin editor, we can also enter the secret variable directly as a string in any field that supports secret references.

[Figure: Refer Secret Information When Enabling Plugins]

Viewing Reference Relationships

When we reference a variable from my-provider in consumer credentials, we can view this reference relationship in the secret provider reference list. Other referenced resources will also be displayed in this list, making it easier to track the usage of the secret provider.

[Figure: Secret Provider References]

Editing or Deleting a Secret Provider

When editing or deleting a secret provider, the system will check the reference relationships to avoid invalid variables being referenced in resources, which could lead to configuration errors.

[Figure: Edit or Delete Secret Provider in API7 Enterprise]
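
An added example (not API7 code and not part of the original article): a pre-deployment check that parses secret variables in the format described above and flags any that are malformed or that point at a provider ID which is not defined, the kind of invalid reference the edit/delete check is meant to prevent. The config layout, its field names, the PROVIDERS map and the old-provider ID are assumptions made for illustration; the reference format and the vault / my-provider / my-secret / password values come from the text.

```python
import re
from collections import namedtuple

# Format from the article: $secret://$manager/$id/$secret_name/$key
# Assumption: each component is one non-empty segment containing no "/".
_REF = re.compile(r"\$secret://([^/]+)/([^/]+)/([^/]+)/([^/]+)")
SecretRef = namedtuple("SecretRef", "manager provider_id secret_name key")

def parse_ref(value):
    """Return a SecretRef, or None if value is not a well-formed reference."""
    m = _REF.fullmatch(value)
    return SecretRef(*m.groups()) if m else None

def walk(node, path=""):
    """Yield (path, value) for every string leaf in nested dicts and lists."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def audit(config, providers):
    """providers maps provider ID -> manager. Returns (references, problems)."""
    refs, problems = {}, []
    for path, value in walk(config):
        if not value.startswith("$secret://"):
            continue
        ref = parse_ref(value)
        if ref is None:
            problems.append((path, "malformed reference"))
        elif providers.get(ref.provider_id) != ref.manager:
            problems.append((path, "unknown provider or wrong manager"))
        else:
            refs.setdefault(ref.provider_id, []).append(path)
    return refs, problems

# Constructed sample; the config layout and field names are hypothetical.
PROVIDERS = {"my-provider": "vault"}
SAMPLE = {"consumers": [
    {"username": "alice", "password": "$secret://vault/my-provider/my-secret/password"},
    {"username": "bob", "password": "$secret://vault/old-provider/bob/password"},
    {"username": "carol", "password": "$secret://vault/my-provider/carol"},
]}
```

Calling audit(SAMPLE, PROVIDERS) returns the valid references grouped by provider ID, which mirrors the reference list shown in the dashboard, plus a list of the paths that would fail to resolve.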

Summary

By integrating with external secret management services, such as HashiCorp Vault, API7 Enterprise enhances the convenience of referencing externally stored sensitive information across various resources. This integration reduces the risks and costs associated with manual management of such information. Looking ahead, we plan to support more types of secret management services to meet the growing needs of users, ensuring both flexibility and security in the management of sensitive information.
