Our proposed deployment pattern is to use Jenkins to do automated deploys of proxies to Apigee within a DevOps process. There will potentially be multiple developers working simultaneously on proxies, with proxy deployments into non-production happening fairly regularly (including nightlies).
Obviously Jenkins will require a username and password of an Apigee user in order to deploy the bundles. In a multiple developer pattern, we're not sure whether we want a 'real' user to have to enter their Apigee credentials into a Jenkins job. And it breaks the concept of automation if manual intervention is required.
A suggestion has been made for us to create a DevOps role, which has limited permissions, e.g. only Add and Update proxes in a specific environment. Then we register a generic DevOps user in Apigee, assign it to the DevOps role, and then store the credentials of that user in Jenkins, using password masking.
Is this a common pattern? If not, what is the best practice for managing Apigee credentials in a multi-developer, automated deployment ecosystem?
@John Ferguson : Create a user across all the environment. Let's say user like 'jenkins'. make sure this user has the admin power.
As admin user has the ability to do deploy/undeploy etc..
Configure this credentials in the property in your maven proxy project. conf property should be environmental wise.
Thanks Sachinda.
To clarify, having non-human user accounts registered in Apigee is accepted practice?
In terms of providing an email address for verification, I guess we'd just have to use an administrator's email, or some sort of administrative group email account?
User | Count |
---|---|
5 | |
2 | |
2 | |
1 | |
1 |