Initiative: Going to use Tyk at production level. We are considering how to handle scaling and security.
Deployment
Q1. We prefer to use FILES to configure API definitions and Policies, and think it is better for handling deployment and management compared with the GUI. Any thoughts?
Take away MongoDB
Q1. What is the responsibility of MongoDB and Redis in Tyk? Is MongoDB for analytics only?
Q2. Are API keys and Organizations stored in Redis / MongoDB? Can we use the Advanced API like /admin/organisations/ if we disable MongoDB?
Q3. How do we configure it if we want to disable MongoDB? Remove mongo_url from dashboard_config? Remove enable_analytics from the gateway config?
Q4. So the Dashboard service is only for the Advanced API after we disable MongoDB and define APIs via FILES?
Q5. Besides MongoDB and CSV, is there any method to stream analytics data to statsd / datadog? Assuming we use FILE-based API definitions.
Security
Q1. API keys and OAuth keys are created via the Gateway with a SECRET. The Gateway is supposed to be open to the public (the Dashboard can be internal only), and it seems not very secure: once a hacker brute-forces the SECRET, they can create KEYs as they want. Any thoughts?
Q2. Is it possible to configure tyk.conf > secret and tyk_analytics.conf > admin_secret using environment variables instead of hard-coding them in the conf?