Connecting Apigee with AWS - storing secrets in the Edge Vault

I am trying to connect Apigee with AWS. For that I created an AWS account, then created an IAM user and downloaded its keys. But to follow the next steps, the keys need to be stored in the vault. Please suggest how to store them in the vault so I can move forward.

1 REPLY

The way to provision the vault is via Edge Management APIs. Here's an example.

First create the vault.

curl -X POST \
    -H content-type:application/json \
    $mgmtserver/v1/o/$org/e/$env/vaults \
    -d '{ "name": "vaultname" }'

Then, populate the vault with key/value pairs. Do that with another API call, like this:

curl -X POST \
  -H content-type:application/json \
  $mgmtserver/v1/o/$org/e/$env/vaults/${vaultname}/entries \
  -d "$payload"

The payload for this call ought to look something like this:

{ "name": "vault-key-here", "value": "value-goes-here" }

If you want to store multiple key/value pairs, then invoke that second API call several times, each with a different payload.

You should be aware that Apigee is replacing the Vault with an Encrypted KVM store. The APIs to administer the encrypted KVM are similar to those used to administer the vaults. For more on encrypted KVM, see this documentation article. For the management APIs, see this doc. KVMs, unlike vaults, can be scoped to an organization, an environment, or an API proxy.
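
The two calls from the reply, applied to the AWS keys in the question, as an added example that is not part of the original post: the secret is read from a prompt and sent on curl's stdin, so it stays out of shell history and the process list. Assumptions: `$mgmtserver`, `$org` and `$env` are set as in the reply, management-API credentials come from `~/.netrc` (curl `--netrc`), and the function and entry names are hypothetical.

```shell
#!/bin/sh
# Added example. Hypothetical helper names; auth via ~/.netrc is an assumption.

# Escape backslashes and double quotes so a value cannot break out of the
# JSON string. Enough for AWS keys; control characters are not handled.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build an entry payload in the shape shown in the reply.
vault_entry_payload() {  # args: entryname value
  printf '{ "name": "%s", "value": "%s" }' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Create the vault (first call in the reply).
create_vault() {  # args: vaultname
  printf '{ "name": "%s" }' "$(json_escape "$1")" |
    curl --fail --silent --show-error --netrc -X POST \
      -H content-type:application/json \
      "$mgmtserver/v1/o/$org/e/$env/vaults" \
      --data-binary @-
}

# Add one entry (second call in the reply). The payload travels over stdin,
# so the secret is never part of curl's argument list.
store_vault_entry() {  # args: vaultname entryname value
  vault_entry_payload "$2" "$3" |
    curl --fail --silent --show-error --netrc -X POST \
      -H content-type:application/json \
      "$mgmtserver/v1/o/$org/e/$env/vaults/$1/entries" \
      --data-binary @-
}

# Prompt for the IAM user's key pair and store both halves as entries.
provision_aws_keys() {  # args: vaultname
  printf 'AWS access key id: ' >&2
  read -r key_id
  printf 'AWS secret access key: ' >&2
  stty -echo; read -r secret; stty echo; printf '\n' >&2
  create_vault "$1" &&
    store_vault_entry "$1" aws-access-key-id "$key_id" &&
    store_vault_entry "$1" aws-secret-access-key "$secret"
}
```

After sourcing the file, `provision_aws_keys vaultname` runs all three calls and stops at the first one that fails.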