I want to integrate Tyk with Vault because I need to get secrets that will be injected as a header in the request, I managed to do it with middleware but I saw that there is a way to do it without it (Key Value secrets storage for configuration in Tyk). But that part “For body transforms and URL rewrites, the prefixes are $ secret_vault., $ Secret_consul. And $ secret_conf.” it wasn’t very clear to me.
Example:
The configuration for the vault in the .config file looks like this:
I’m trying to log the secret into the middleware like this:
log ($secret_vault.myengine.user1)
but I’m having the error:
time = “Apr 05 12:18:53” level = error msg = “Failed to run JS middleware” api_id = keyless api_name = “Tyk Test Keyless API” error = “ReferenceError: ‘$ secret_vault’ is not defined” mw = DynamicMiddleware org_id = default origin = 172.29.0.1 path = “/ keyless / get”
I wanna add that im having same error whent i try to log a secret from .conf file, like this:
//.conf file
"secrets": {
"gateway": "secret"
},
On middleware i’m tryong to access this secret with var a = $secret_conf.gateway.
Error:
time=“Apr 05 18:35:20” level=error msg=“Failed to run JS middleware” api_id=keyless api_name=“Tyk Test Keyless API” error=“ReferenceError: ‘$secret_conf’ is not defined” mw=DynamicMiddleware org_id=default origin=172.29.0.1 path="/keyless/"
Hi! There is no direct access to secrets from inside the plugin.
The closest thing you can do is to inject secret into HTTP header (using global headers middleware), and then read and remove it via middleware.
Got it! If i can do this with transformation/global header i dont even gonna need middleware. Actually i’ve tried to get the values from Vault but didn’t worked out for me. I should use $secret_vault.myengine.user1.senha, where ‘myengine’ is engine’s name, ‘user1’ is the path and ‘senha’ is the key?