Other Secrets

V3 API secret (in v6.0.0 and v6.1.0)

Definition in LE v6.0.0 Definition in LE v6.1.0

Definition in LE v6.0.0	Definition in LE v6.1.0
These values are available in the customized json properties from step 1 in Preparing a Database. The JSON attributes are `your_api_key_for_v3_api` and `your_secret_for_v3_api` . Sample secret files are available in: `sample/configui/configui-secrets-with-encryption.yaml` and `samples/configui/configui-secrets.yaml`	This is the key and secret pair that ConfigUI uses to call the Platform API. The key and secret are generated using the customization script. Refer to Customizing IDs and Keys for Local Edition for more information. You can find sample of Other secrets files under this path: `samples/general`.

These values are available in the customized json properties from step 1 in Preparing a Database.

The JSON attributes are your_api_key_for_v3_api and your_secret_for_v3_api .

Sample secret files are available in: sample/configui/configui-secrets-with-encryption.yaml and samples/configui/configui-secrets.yaml

This is the key and secret pair that ConfigUI uses to call the Platform API. The key and secret are generated using the customization script.

Refer to Customizing IDs and Keys for Local Edition for more information.

You can find sample of Other secrets files under this path: samples/general.

API Debug Key Secret (introduced in v6.1.0)

tip

This section was added in the Boomi Cloud API Management – Local Edition 6.1.0 release.

You can find api-debug-header-secrets samples under the following path: samples/general/api-debug-header-secrets-sample.yaml
Do not change the secret name and attribute name.
.apiDebugKey - This should be exactly 24 characters. We recommend you to use randomized text.
.apiDebugSecret - This should be exactly 10 characters. We recommend you to use randomized text.

Creating ConfigUI Secret

With Encryption

Procedure

Encrypt apikey.

$ mkdir -p <extract location/certs/configui
$ cd <extract location>/certs/configui
$ apim_crypto -s 'abcd1234efgh5678' -n '1234abcd5678efgh' -t '<value of your_api_key_
for_v3_api from customised papi json>'

Encrypt apisecret.

$ apim_crypto -s 'abcd1234efgh5678' -n '1234abcd5678efgh' -t '<value of your_secret_for_
v3_api from customised papi json>'

base64 encoded secret and nonce.

$ echo -n 'abcd1234efgh5678' | base64
YWJjZDEyMzRlZmdoNTY3OA==
$ echo -n '1234abcd5678efgh' | base64
MTIzNGFiY2Q1Njc4ZWZnaA==

Create the YAML file for creating k8s secret. Do not change the secret name and the attribute name.

xml
apiVersion: v1
kind: Secret
metadata:
name: configui-secrets
data:
.mlc_apikey: <output of step 1>
.mlc_apisecret: <output of step 2>
.mlc_aeadsecret: YWJjZDEyMzRlZmdoNTY3OA==
.mlc_aeadnonce: MTIzNGFiY2Q1Njc4ZWZnaA==

Create the k8s secret.

$ kubectl apply -f configui-secrets-with-encryption.yaml

info

This section was added in the Boomi Cloud API Management – Local Edition 6.1.0 release.

You can find the samples of Config UI secrets at the following path: samples/configui/configui-secrets.yaml.
Do not change the secret name and attribute name.

Key	Value	Notes
`.mlc_apikey`	This is generated by running `customize.sh`.	The API key is used by ConfigUI to authenticate against the Platform API.
`.mlc_apisecret`	This is generated by running `customize.sh`.	The API secret is used by ConfigUI to authenticate against the Platform API.

For encrypting Config UI secrets, use apim_cyrpto. You can find a sample of an encrypted Config UI secrets at this path: samples/configui/configui-secrets-with-encryption.yaml

Without Encryption

Procedure

base64 encoded apikey and apisecret.

$ echo -n '<value of your_api_key_for_v3_api from customised papi json>' | base64
Sample ouput : YWJjZDEyMzRlZmdoNTY3OA==
$ echo -n '<value of your_secret_for_v3_api from customised papi json>' | base64
Sample output : MTIzNGFiY2Q1Njc4ZWZnaA==z

Create a YAML file for creating the k8s secret. Do not change the secret name and the attribute name.

apiVersion: v1
kind: Secret
metadata:
name: configui-secrets
data:
.mlc_apikey: <output from step 1>
.mlc_apisecret: <output from step 2>

Create the Kubernetes secret.

$ kubectl apply -f configui-secrets.yaml

Creating Config UI User Secret

With Encryption

You can find the samples of Config UI User secrets at the following path: samples/configui/configui-usersecrets.yaml

note

You must modify the secret.
Do not change the secret name and attribute name.

Key	Value	Notes
.mlc_password	ConfigUI admin user password	You must set the ConfigUI admin password.
.mlc_server_secret	32 char text	Provide the server key for encryption. We recommend using random characters.

For encrypting Config UI User secrets, use apim_cyrpto. You can find the sample of an encrypted Config UI secrets in the following path: samples/configui/configui-usersecrets-with-encryption.yaml

Procedure

Create the k8s secret.

$ kubectl apply -f samples/configui/configui-secrets.yaml
$ kubectl apply -f samples/configui/configui-usersecrets.yaml

Optional: Use the encrypted version.

$ kubectl apply -f samples/configui/configui-secrets-with-encryption.yaml

Creating Mashery Onprem Manager (MOM) API Key and Secret (introduced in v6.1.0)

tip

This section was added in the Boomi Cloud API Management – Local Edition 6.1.0 release.

With Encryption

You can use mom-secret-encrypted.yaml or mom-secret-sample.yaml secret templates in the samples/general/ folder.

note

You should change the mom-secret-encrypted.yaml or mom-secret-sample.yaml secret template only when you deploy the Tethered cluster. Additionally, the parameters in the mom-secret-encrypted.yaml file have shifted to the mom-secret-sample.yaml file, and vice-versa.

When encrypting apikey and secret, use the same salt and nonce. The output of the encryption utility is base64 encoded and can be used directly.

Procedure

Encrypt API key and secret.

$ apim_crypto -s ‘abcd1234efgh5678’ -n ‘1234abcd5678efgh’ -t 
<apikey>
Sample output: YzQ4YTU4YTM2MzcyMzM2MWZmYWZiOWE5ZTRjYzM5MTc1OTY0NzdhOGI1ZTQxNjhmMTNjYmMyODU0ZTNlMjEwMGYyODQxMjdjMjQxMTZjMjY2MjMwMzUzMDM5MzIzMDMyMzQzMTM0MzQzMzMyMzg2NS1AQEA=
   $ apim_crypto -s ‘abcd1234efgh5678’ -n ‘1234abcd5678efgh’ -t 
<secret>
   Sample output:  ZmEwMjhmMDMyNzMwNjQ1NWIwNmQyOTkzMmJkM2EwOWExZTkzYmE5MDcxOThhZGM2YjdmMTYyMzAzNTMwMzkzMjMwMzIzNDMxMzQzNDM2MzUzNTY1LUBAQA==

base64 encode cryptography salt and nonce.

$ echo -n 'abcd1234efgh5678' | base64

YWJjZDEyMzRlZmdoNTY3OA==

$ echo -n ‘1234abcd5678efgh’ | base64

4oCYMTIzNGFiY2Q1Njc4ZWZnaOKAmQ==

Create the YAML file to create a k8s secret. Do not change the secret name and attribute name.

apiVersion: v1

   kind: Secret
   metadata:
      name: mom-secret
   data:
      .apimmomkey: N2UzM3U0Y.......JnYnkzN201dWZ2
      .apimmomsecret: ZXFzc.....hZNw==
      .momaeadsecret: YWJjZDEyMzRlZmdoNTY3OA==
      .momaeadnonce: MTIzNGFiY2Q1Njc4ZWZnaAo=

Without Encryption

You can use secret templates in samples/general/.

Procedure

base64 encode apikey and secret.

$ echo -n “MOM apikey> | base 64
Sample output : cnpwaHZxOTg0Nnkza3FxOGgzcDVmd2dnCh==
$ echo -n “MOM api secret”
Sample output: cktaSEM6RlFqbio=

Create a YAML file to create a secret. Do not change the secret name and attribute name.

apiVersion: v1
kind: Secret
metadata:
 name: mom-secret
data:
    # $ echo <apikey> | base64
   .apimmomkey: N2UzM3U0Y.......JnYnkzN201dWZ2
 # $ echo <apisecret> | base64
.apimmomsecret: ZXFzc.....hZNw==

Creating HTTP Proxy Secrets (introduced in v6.2.0)

tip

This section was added in the Boomi Cloud API Management – Local Edition (LE) 6.2.0 release.

With Encryption

You can use http-proxy-secret-with-encryption.yaml or its sample template in the samples/general/ folder.

note

You should change the http-proxy-secret-with-encryption.yaml template only when you deploy the Tethered cluster.

When encrypting the proxy username and password, use the same salt and nonce. The output of the encryption utility is base64 encoded and can be used directly.

Procedure

Encrypt proxy username and password.

$ apim_crypto -s 'abcd1234efgh5678' -n '1234abcd5678efgh' -t <proxy-username>
Sample output: YzQ4YTU4YTM2...MzQzMzMyMzg2NS1AQEA=

$ apim_crypto -s 'abcd1234efgh5678' -n '1234abcd5678efgh' -t <proxy-password>
Sample output: ZmEwMjhmMDMy...MzUzNTY1LUBAQA==

base64 encode cryptography salt and nonce.

$ echo -n 'abcd1234efgh5678' | base64
YWJjZDEyMzRlZmdoNTY3OA==

$ echo -n '1234abcd5678efgh' | base64
MTIzNGFiY2Q1Njc4ZWZnaA==

Create the YAML file to create a k8s secret.

note

Do not change the secret name and attribute name.

yaml
apiVersion: v1
kind: Secret
metadata:
name: http-proxy-secret-with-encryption
data:
.proxyuser: YzQ4YTU4YTM2...MzQzMzMyMzg2NS1AQEA=
.proxypassword: ZmEwMjhmMDMy...MzUzNTY1LUBAQA==
.proxyaeadsecret: YWJjZDEyMzRlZmdoNTY3OA==
.proxyaeadnonce: MTIzNGFiY2Q1Njc4ZWZnaA==

Without Encryption

You can use http-proxy-secret.yaml or its sample template in the samples/general/ folder.

base64 encode proxy username and password.

$ echo -n "<proxy-username>" | base64
Sample output: Y3JwYnh1c2VyCg==

$ echo -n "<proxy-password>" | base64
Sample output: cHJveHlQYXNzCg==

Create the YAML file to create a secret.

note

Do not change the secret name and attribute name.

yaml
apiVersion: v1
kind: Secret
metadata:
name: http-proxy-secret
data:
.proxyuser: Y3JwYnh1c2VyCg==
.proxypassword: cHJveHlQYXNzCg==

Creating General Secret

Create the k8s secret.

$ kubectl apply -f samples/general/api-debug-header-secrets-sample.yaml

important

In LE v6.0.0, the secret must not be modified.
In LE v6.1.0, you must modify the secret as part of the setup.

Creating General Proxy Secret (introduced in v6.2.0)

tip

This section was added in the Boomi Cloud API Management – Local Edition (LE) 6.2.0 release.

Create the k8s secret.

$ kubectl apply -f samples/general/http-proxy-secret-sample.yaml