Skip to main content

Version: 3.2.16.3

Secrets

In this document, you will learn the basic concept of Secrets and Secret Providers and in API7 Gateway and why you may need them.

Explore additional resources at the end of the document for more information on related topics.

Overview

A secret object is a piece of sensitive information that needs to be protected from unauthorized access, while a secret provider object is used to set up integration with an external secret manager(HashiCorp Vault, AWS Secret Manager, etc.), so that API7 Gateway can establish connections and fetch secrets from the secret manager dynamically at runtime.

By storing secrets in a dedicated secret management service, you can:

  • Reduce the risk of data breaches: Minimize the exposure of sensitive information within your API7 Gateway.
  • Simplify management: Centralize the storage and retrieval of secrets, streamlining configuration and maintenance.
  • Enhance security: Leverage the advanced security features and auditing capabilities of external secret managers.
  • Improve compliance: Ensure compliance with industry regulations and best practices for data protection.

Use Cases

Secure Consumer Credentials

The following sensitive field in consumer credentials can be stored in an external secret manager(HashiCorp Vault, AWS Secret Manager, etc.) and referenced in API7 Gateway:

  • key in Key Authentication credential
  • password in Basic Authentication credential
  • secret , public key in JWT Authentication credential
  • secret key in HMAC Authentication credential

For detailed tutorial, please refer to Manage Consumer Credentials.

Secure Sensitive Field in Plugin Configuration

The following sensitive field in plugin configurations can be stored in an external secret manager(HashiCorp Vault, AWS Secret Manager, etc.) and referenced in API7 Gateway:

PluginField
Limit Countredis_username, redis_password
Authz-Casdoorclient_id, client_secret
Wolf RBACappid
LDAP Authenticationuser_dn

For example, see Apply Rate Limiting to APIs and use secret in plugin configuration.

Additional Resources


API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation