Secrets
In this document, you will learn the basic concepts of Secrets and Secret Providers in API7 Gateway and why you may need them.
Explore additional resources at the end of the document for more information on related topics.
Overview
A secret object is a piece of sensitive information that needs to be protected from unauthorized access, while a secret provider object is used to set up integration with an external secret manager (HashiCorp Vault, AWS Secret Manager, etc.), so that API7 Gateway can establish connections and fetch secrets from the secret manager dynamically at runtime.
By storing secrets in a dedicated secret management service, you can:
- Reduce the risk of data breaches: Minimize the exposure of sensitive information within your API7 Gateway.
- Simplify management: Centralize the storage and retrieval of secrets, streamlining configuration and maintenance.
- Enhance security: Leverage the advanced security features and auditing capabilities of external secret managers.
- Improve compliance: Ensure compliance with industry regulations and best practices for data protection.
Use Cases
Secure Consumer Credentials
The following sensitive fields in consumer credentials can be stored in an external secret manager (HashiCorp Vault, AWS Secret Manager, etc.) and referenced in API7 Gateway:
- key in Key Authentication credential
- password in Basic Authentication credential
- secret, public key in JWT Authentication credential
- secret key in HMAC Authentication credential
For a detailed tutorial, please refer to Manage Consumer Credentials.
Secure Sensitive Field in Plugin Configuration
The following sensitive fields in plugin configurations can be stored in an external secret manager (HashiCorp Vault, AWS Secret Manager, etc.) and referenced in API7 Gateway:
| Plugin | Field |
|---|---|
| Limit Count | redis_username, redis_password |
| Authz-Casdoor | client_id, client_secret |
| Wolf RBAC | appid |
| LDAP Authentication | user_dn |
For an example, see Apply Rate Limiting to APIs, which uses a secret in the plugin configuration.
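To make the indirection described above concrete, here is an added, stand-alone Python illustration (not API7 Gateway code) of what a gateway does with a consumer credential or a plugin configuration that carries secret references: the stored object holds only a reference, and the value is fetched from the configured secret provider at load time. The reference format `$secret://<provider>/<provider_id>/<key>` is assumed for this example, the in-memory "vault" is a constructed stand-in for a real secret manager, and `check_references` is a hypothetical dry-run validator that reports references which cannot be resolved before the configuration is saved.

```python
"""Runtime resolution of secret references in gateway configuration.

Added illustration, not API7 Gateway code. Assumptions:
- references look like $secret://<provider>/<provider_id>/<key>
- a SecretProvider wraps one connection to an external secret manager
- the in-memory store below stands in for a real KV engine
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Mapping, Tuple

SECRET_SCHEME = "$secret://"  # assumed reference prefix


class SecretResolutionError(Exception):
    """Raised for a malformed reference, unknown provider or missing key."""


@dataclass
class SecretProvider:
    """One configured secret provider (e.g. a Vault instance)."""
    provider_type: str          # e.g. "vault"
    provider_id: str            # the provider object's id
    fetch: Callable[[str], str]  # key -> value; raises KeyError if absent


def parse_reference(ref: str) -> Tuple[str, str, str]:
    """Split "$secret://vault/dev-vault/consumer-key" into its three parts."""
    if not ref.startswith(SECRET_SCHEME):
        raise ValueError(f"not a secret reference: {ref!r}")
    parts = ref[len(SECRET_SCHEME):].split("/", 2)
    if len(parts) != 3 or not all(parts):
        raise SecretResolutionError(f"malformed secret reference: {ref!r}")
    return parts[0], parts[1], parts[2]


def _lookup(ref: str, providers: Mapping[Tuple[str, str], SecretProvider]) -> str:
    """Fetch one reference from its provider, with a precise failure reason."""
    provider_type, provider_id, key = parse_reference(ref)
    provider = providers.get((provider_type, provider_id))
    if provider is None:
        raise SecretResolutionError(f"no secret provider {provider_type}/{provider_id}")
    try:
        return provider.fetch(key)
    except KeyError:
        raise SecretResolutionError(
            f"key {key!r} not found in {provider_type}/{provider_id}") from None


def resolve_config(config: Mapping[str, Any],
                   providers: Mapping[Tuple[str, str], SecretProvider]) -> Dict[str, Any]:
    """Return a copy of config with every secret reference replaced by its value.

    Nested plugin blocks are walked recursively; plain values pass through.
    """
    resolved: Dict[str, Any] = {}
    for field, value in config.items():
        if isinstance(value, Mapping):
            resolved[field] = resolve_config(value, providers)
        elif isinstance(value, str) and value.startswith(SECRET_SCHEME):
            resolved[field] = _lookup(value, providers)
        else:
            resolved[field] = value
    return resolved


def check_references(config: Mapping[str, Any],
                     providers: Mapping[Tuple[str, str], SecretProvider]) -> List[str]:
    """Hypothetical dry run: list references that would fail to resolve.

    Useful before saving a configuration, so a typo in a reference is caught
    at change time rather than when the first request needs the credential.
    """
    problems: List[str] = []
    for field, value in config.items():
        if isinstance(value, Mapping):
            problems.extend(f"{field}.{p}" for p in check_references(value, providers))
        elif isinstance(value, str) and value.startswith(SECRET_SCHEME):
            try:
                _lookup(value, providers)
            except SecretResolutionError as exc:
                problems.append(f"{field}: {exc}")
    return problems


# Constructed sample data standing in for the secret manager's KV store.
_FAKE_VAULT_STORE = {
    "consumer-key": "constructed-consumer-key-value",
    "redis-password": "constructed-redis-password",
}


def build_providers() -> Dict[Tuple[str, str], SecretProvider]:
    """One provider object: type "vault", id "dev-vault" (both constructed)."""
    p = SecretProvider("vault", "dev-vault", _FAKE_VAULT_STORE.__getitem__)
    return {(p.provider_type, p.provider_id): p}


# Constructed objects as they would be stored: references only, no secret material.
CONSUMER_CREDENTIAL = {"key": "$secret://vault/dev-vault/consumer-key"}
LIMIT_COUNT_PLUGIN = {
    "limit-count": {
        "count": 100,
        "policy": "redis",
        "redis_username": "gateway",
        "redis_password": "$secret://vault/dev-vault/redis-password",
    }
}
BAD_PLUGIN = {"limit-count": {"redis_password": "$secret://vault/dev-vault/no-such-key"}}

if __name__ == "__main__":
    providers = build_providers()
    print(resolve_config(CONSUMER_CREDENTIAL, providers))
    print(resolve_config(LIMIT_COUNT_PLUGIN, providers))
    print(check_references(BAD_PLUGIN, providers))
```

The point the example makes is that the stored credential and plugin objects never contain the password or key itself, only the reference; rotating the value in the secret manager needs no change to the gateway configuration, and the `check_references` dry run gives an operator a way to validate a reference without exposing its value.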
Additional Resources
- Key Concepts
- API Security
- API Consumption