Jwt_source as Environment Variable


It feels as though this (or something like this) has been asked a couple of times before

And the “Key Value secrets storage for configuration in Tyk” article looked promising at one point

I can’t seem to make anything I’ve tried work though.

I was hoping I would be able to do something like

"jwt_source": "$secret_env.JWT",

However, this doesn’t work (I guess replaceTykVariables doesn’t operate on this property).

Is there any way of being able to set the jwt_source as an env var? Or are people really hard coding this value & committing it to version control?


1 Like

Hey @Simon_Tyk ,

Your understanding is correct. The key value store can only be used in the following locations:

Configuration file - tyk.conf
API Definition: currently, only the listen path and target URL
Body transforms and URL rewrites

So for the JWT source, you will have to include the secret in the API definition or inject it during your CI/CD pipeline by way of templating.

That’s great. Thanks for confirming @sedky :slight_smile:

Just curious, is there a reason this can’t be done? It seems like sort of a miss. The ideal is setting this with an env var like the admin secret—that way tools like AWS Secrets Manager can be the one to deal with it in ECS.

I realize that specific use case might be too narrow, but an env var would cover that and a lot more.

A library like viper (GitHub - spf13/viper: Go configuration with fangs) can be used to achieve this: it allows configuration via config-files as well as environment variables. @Tyk devs?

1 Like


Thanks for the suggestion and feedback. I will relay the information to the dev team

1 Like