Initiative: Gonna use Tyk at production level. We are considering how to scale it and how to secure it.
Q1. We prefer to use FILES to configure API definitions and Policies, and think this is better for handling deployment and management compared with the GUI. Any thoughts?
Take away MongoDB
Q1. What are the responsibilities of MongoDB and Redis in Tyk? Is MongoDB for analytics only?
Q2. Are API keys and Organizations stored in Redis / MongoDB? Can we use the Advanced API, like /admin/organisations/, if we disable MongoDB?
Q3. How do we configure it if we want to disable MongoDB? Remove mongo_url from dashboard_config? Remove enable_analytics from the gateway config?
Q4. So the Dashboard service is only for the Advanced API after we disable MongoDB and define APIs via FILES?
Q5. Besides MongoDB and CSV, is there any method to stream analytics data to statsd / datadog? Assuming we use FILE-based API definitions.
Q1. API keys and OAuth keys are created via the Gateway with a SECRET. The Gateway is supposed to be open to the public (the Dashboard can be internal only), and it seems not very secure: once a hacker brute-forces the SECRET, they can create KEYs as they want. Any thoughts?
Q2. Is it possible to configure tyk.conf > secret and tyk_analytics.conf > admin_secret using environment variables instead of hard-coding them in the conf?