This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

SSH login to Apigee

Posted on 01-12-2018 10:51 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi,

I tried using Concourse to do automated build and deployment for apigee proxies. Major challenge is credentials for login. I don't want to put credentials in plan text. So i thought of using ssh for login.

So, Can i use ssh key for deployment using management api?

0 5 621
Topic Labels
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Hi,

Currently, you cannot use an SSH key to authenticate to the Apigee Edge Management API.

There are several approaches people have taken.

- Key encryption. some customers store the credentials for Apigee Edge in a machine-encrypted store, or in a KMS that supports the CI/CD flow.

- OAuth tokens. Apigee Edge supports the use of OAuth tokens for authenticating. So you could generate the token and share it to the CI/CD pipeline.

There may be other people who can contribute suggestions.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Thanks for quick response.

I have follow up question. How to get OAuth token to push proxy to apigee? Please refer to some documentation.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Using access tokens to authenticate management API calls

0 Likes

Posted on --/--/---- --:-- AM
artem-petrosian
New Member
Reply posted on --/--/---- --:-- AM

Speaking about Concourse, you may want to use Credential Management, instead of putting them explicitly as a plain text.

https://concourse.ci/creds.html

Going beyond Encryption, explicit credential management will provide credentials to your builds for a brief amount of time, without being persisted anywhere. It also allows for credentials to be rotated and managed external to the pipeline or team, and prevents them from being revealed by get-pipeline.

Currently, the only supported credential managers are Vault and Credhub.

Credential management works by replacing the credentials with ((parameters)) in your pipeline or task config. When the ATC is about to run the step or check that is configured with the parameters, it will resolve them by fetching the values from the credential manager. If the values are not present, the action will error.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to artem-petrosian
Reply posted on --/--/---- --:-- AM

credhub is not available yet. Any other option?

0 Likes