Vault / Secure Storage without NodeJS

We have the vault feature that let's you read encrypted values of a key/value pair from within the NodeJS process. However what is the best option to store encrypted values (such as user/pass for backend) and retrieve them in non NodeJS proxy flows? I have in the past used KVM to store encrypted values, and read them using Java callouts. But I am looking for something simpler. Like the apigee-access module + vault in NodeJS, isn't there a simpler way in which we can easily store encrypted username + password pairs, and then retrieve them in a way that we can add them as the auth header going to the backend / target.
Solved Solved
1 7 1,060
1 ACCEPTED SOLUTION

akoo
Participant V

Hello all, I wanted to add an important note: encrypted KVMs are here. Details are in our documentation: http://docs.apigee.com/api-services/reference/key-value-map-operations-policy . You now have an option for encrypted data without having to use Node.js.

View solution in original post

7 REPLIES 7

There is no way currently to access the vault from outside a node.js proxy. I would like to see that, too!

Not applicable
Hey @Prashanth Subrahmanyam. I think you already explored the option of storing data encrypted in KVMs and decrypting it by Java Callouts. So, what I'm proposing is the same except with JavaScript or Node.js. So, it's not necessarily different to what you've done, except for the language used for it and perhaps some libraries. However, I'm posting it here as there might be some tricks that you can still leverage to store sensitive data in KVMs with a little bit of code. The following tutorial https://github.com/dzuluaga/apigee-tutorials/tree/master/apiproxies/kvm-encrypted-grunt-api#1-encryp..., demonstrates how data can be encrypted and decrypted with aes algorithm. The same principle could be applied in leveraging JS policies with crypto.js.

@Diego Zuluaga where is the decryption key stored to decrypt the KVM values in Java Callout or Javascript option. Thanks for the detail on source control solution.

Not applicable

I also can recommend to use ideals virtual data room as a secured storage. It is checked and works well.

This appears to be completely irrelevant.

akoo
Participant V

Hello all, I wanted to add an important note: encrypted KVMs are here. Details are in our documentation: http://docs.apigee.com/api-services/reference/key-value-map-operations-policy . You now have an option for encrypted data without having to use Node.js.