Currently the Owner onboarding server authenticates with the ServiceInfo API server using a shared Bearer Token hard-coded in the config file. It would be nice to have some integration with a secure key vault so the bearer token can be stored in and read from the vault.
For example, when deploying in AWS:
We could create an instance of AWS Secrets Manager and allow the instance running the Owner server to read secrets stored in Secrets Manager using an AWS IAM policy. Config should provide a mechanism to inject the ARN of Secrets Manager. When Onboarding communicates with ServiceInfo, read the token from Secrets Manager.
This also allows easy rotation of tokens without having to update the config and restart the server.
There should also be an option to integrate with an external OIDC provider so that the Owner could get a short-lived token to authenticate itself with the ServiceInfo API server.
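A sketch of the token lookup requested above, added here as an example and not taken from the project's code: the bearer token is read through a pluggable secret source at call time and cached briefly, so a token rotated in the store is picked up without a config change or restart. `SecretSource`, `TokenProvider`, `FakeStore` and the placeholder ARN are hypothetical names; a real deployment would implement `SecretSource` with the cloud provider's SDK.

```rust
use std::time::{Duration, Instant};
/// Hypothetical abstraction over a secret store such as AWS Secrets Manager.
pub trait SecretSource {
    fn fetch(&mut self, secret_id: &str) -> Result<String, String>;
}

/// Caches the bearer token; re-reads it after `ttl` or after `invalidate()`.
pub struct TokenProvider<S: SecretSource> {
    pub source: S,
    secret_id: String, // e.g. the secret ARN injected through config
    ttl: Duration,
    cached: Option<(String, Instant)>,
}

impl<S: SecretSource> TokenProvider<S> {
    pub fn new(source: S, secret_id: &str, ttl: Duration) -> Self {
        Self { source, secret_id: secret_id.to_string(), ttl, cached: None }
    }
    /// Current token; hits the store only when the cache is empty or stale.
    pub fn token(&mut self) -> Result<String, String> {
        match &self.cached {
            Some((tok, at)) if at.elapsed() < self.ttl => return Ok(tok.clone()),
            _ => {}
        }
        let tok = self.source.fetch(&self.secret_id)?;
        if tok.trim().is_empty() {
            return Err("secret store returned an empty token".into()); // fail closed
        }
        self.cached = Some((tok.clone(), Instant::now()));
        Ok(tok)
    }
    pub fn invalidate(&mut self) { self.cached = None; } // call on HTTP 401
}

/// Constructed in-memory stand-in for the secret store; counts reads.
pub struct FakeStore { pub value: String, pub reads: u32 }
impl SecretSource for FakeStore {
    fn fetch(&mut self, _id: &str) -> Result<String, String> {
        self.reads += 1;
        Ok(self.value.clone())
    }
}

fn main() {
    let store = FakeStore { value: "token-v1".into(), reads: 0 };
    let mut p = TokenProvider::new(store, "placeholder-secret-arn", Duration::from_secs(300));
    p.source.value = "token-v2".into(); // rotated in the store, no restart
    p.invalidate();
    println!("{:?}", p.token());
}
```

Calling `invalidate()` when the ServiceInfo API server rejects the token bounds the window in which a rotated-out token is still sent; the TTL bounds it when no rejection is observed.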