Hi,
It feels as though this (or something like this) has been asked a couple of times before
Hi,
I’m using Tyk CE 2.3.5. The APIs are configured to use JWT authentication with HMAC encryption.
I’m looking for a way to pass in the value of “jwt_source” through the command line when launching Tyk gateway and have the API definition JSON reference this value as a variable instead of a hard-coded value. I’m trying to avoid hard-coding the HMAC signing key. Is this possible?
The parameter jwt_source is not listed under https://tyk.io/docs/configure/gateway-env-variables/ . BTW, in which…
Hello!
I’m doing my first steps with Tyk and stuck with a simple task.
I use docker-compose for development to run 2 services: Tyk API Gateway and Test service.
Request to http://localhost:8080/test should be proxied to Test service host, defined in docker-compose config (http://test-service:3000).
Simple:
{
"name": "Test",
"use_keyless": true,
"version_data": {
"not_versioned": true,
"versions": {
"Default": {
"name": "Default",
"expires": ""
}
…
And the “Key Value secrets storage for configuration in Tyk” article looked promising at one point
I can’t seem to make anything I’ve tried work though.
I was hoping I would be able to do something like
"jwt_source": "$secret_env.JWT",
However, this doesn’t work (I guess replaceTykVariables
doesn’t operate on this property).
Is there any way of being able to set the jwt_source
as an env var? Or are people really hard coding this value & committing it to version control?
Thanks!
1 Like
sedky
May 11, 2021, 2:12pm
2
Hey @Simon_Tyk ,
Your understanding is correct. The key value store can only be used in the following locations:
Configuration file - tyk.conf
API Definition: currently, only the listen path and target URL
Body transforms and URL rewrites
So for the JWT source, you will have to include the secret in the API definition or inject it during your CI/CD pipeline by way of templating.
That’s great. Thanks for confirming @sedky
Just curious, is there a reason this can’t be done? It seems like sort of a miss. The ideal is setting this with an env var like the admin secret—that way tools like AWS Secrets Manager can be the one to deal with it in ECS.
I realize that specific use case might be too narrow, but an env var would cover that and a lot more.
A library like viper (GitHub - spf13/viper: Go configuration with fangs ) can be used to achieve this: it allows configuration via config-files as well as environment variables. @Tyk devs?
1 Like
Olu
August 11, 2022, 10:52am
6
@Barry_Lagerweij
@jonlink_mf
Thanks for the suggestion and feedback. I will relay the information to the dev team
1 Like