2

To call the Key Protect service API, you need to provide the Authorization, Bluemix-space and Bluemix-org headers. The Authorization header contains a Bluemix access token. Such tokens can be obtained by calling the cf oauth-token command (see How to get OAuth token from CloudFoundry).

What I do not understand is:

  1. What is the default validity of such a token in Bluemix?
  2. If I need to call the Key Protect service from a Bluemix (e.g. Liberty) application, I need to store the Authorization credentials somewhere in order to call the service. What is the best / suggested way to do that? Environment variable? User-provided service?
amadain

1 Answer

1

The oauth-token returned by the cf oauth-token command is valid for the given session. However, in Bluemix this session is set to a validity of 1 day. You can look at the related thread here, where this is answered: https://developer.ibm.com/answers/questions/207063/oauth-access-token-expiry-how-to-increase-validity.html

You can refer to the Key Protect API docs here to get an understanding of how to use the APIs, with the retrieved oauth token from Bluemix, https://console.ng.bluemix.net/apidocs/639-key-protect?&language=node#retrieve-secrets-based-on-a-search-query

sreelathas
  • Thanks, but then it is really not clear how I can use the Key Protect API within a running application without providing a new token every day. My app needs to access the Key Protect API periodically to get various secrets. – Pavel Marek Feb 06 '17 at 08:40
  • One of the ways to do this is to use a cf client SDK such as this one https://github.com/cloudfoundry/cf-java-client, to retrieve the token and set it as a header within your application, every time your application needs to call the Key Protect service API. You will not be able to work with one token forever; tokens have expiry. – sreelathas Feb 07 '17 at 09:24
  • But again it means storing the id and password somewhere to get the token, like in ENV variables or a custom user-provided service. – Pavel Marek Feb 09 '17 at 12:11
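
The pattern discussed in this thread, as an added example that is not part of the original posts or any IBM code: keep the login credentials in a bound user-provided service, fetch a token only when the cached one is close to expiry, and attach the three headers on each call. Assumptions: the access token is a JWT carrying an exp claim, the service name and its org/space credential fields are hypothetical, and fetchToken is a function the application supplies (for example, one built on a cf client SDK).

```javascript
// Added example. fetchToken and the credential field names (org, space)
// are hypothetical; they are not defined by Key Protect or by the thread.
const SKEW_SECONDS = 300; // refresh 5 minutes before the token's own expiry

// Read a user-provided service's credentials from VCAP_SERVICES, so the id
// and password live in the service binding rather than in application code.
function credsFromVcap(env, serviceName) {
  const vcap = JSON.parse(env.VCAP_SERVICES || '{}');
  const svc = (vcap['user-provided'] || []).find((s) => s.name === serviceName);
  if (!svc) throw new Error(`service ${serviceName} is not bound`);
  return svc.credentials;
}

// Expiry (seconds since epoch) taken from the JWT payload's exp claim.
// The token is only decoded to schedule the refresh; it is not verified here.
function tokenExpiry(accessToken) {
  const payload = accessToken.replace(/^bearer\s+/i, '').split('.')[1];
  if (!payload) throw new Error('token is not a JWT');
  const claims = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  if (typeof claims.exp !== 'number') throw new Error('JWT has no exp claim');
  return claims.exp;
}

// Returns getToken(): it calls fetchToken only when no token is cached or the
// cached one is within SKEW_SECONDS of expiry. Concurrent callers share one
// in-flight fetch, and a failed fetch is retried on the next call.
function createTokenCache(fetchToken, now = () => Math.floor(Date.now() / 1000)) {
  let token = null;
  let expiresAt = 0;
  let inflight = null;
  return function getToken() {
    if (token && now() < expiresAt - SKEW_SECONDS) return Promise.resolve(token);
    if (!inflight) {
      inflight = Promise.resolve()
        .then(fetchToken)
        .then((t) => { expiresAt = tokenExpiry(t); token = t; return t; })
        .finally(() => { inflight = null; });
    }
    return inflight;
  };
}

// The three headers named in the question for a Key Protect API call.
function keyProtectHeaders(token, creds) {
  return {
    Authorization: /^bearer\s/i.test(token) ? token : `Bearer ${token}`,
    'Bluemix-space': creds.space,
    'Bluemix-org': creds.org,
  };
}
```

The token stays in memory only; what has to be stored is the login credential in the service binding, which can be rotated without redeploying code.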