Help Center/ Cloud Application Engine/ Best Practices/ Configuring the Interconnection Between CAE and DEW to Help Applications Obtain Encrypted Secrets from DEW/ Configuring a Secret and Injecting It as an Environment Variable
Updated on 2024-05-25 GMT+08:00
View PDF
Share

Configuring a Secret and Injecting It as an Environment Variable

In this practice, you can add DEW secrets and import them into components as environment variables to protect data.

Creating a DEW Credential

  1. Log in to DEW.
  2. Choose Cloud Secret Management Service.
  3. Click Create Secret and set parameters by referring to Table 1.

    Table 1 Secret parameters

    Parameter

    Description

    Type

    Select Shared secret.

    Secret Name

    Enter a secret name. In this practice, enter db.

    Enterprise Project

    ID of the enterprise project to which a secret is bound during creation.

    In this practice, select default.

    Secret Value

    Select Plaintext and enter 123456.

    Description

    In this practice, leave it blank.

    KMS Encryption Key

    Select csms/default.

    Associated Event

    In this practice, select None.

  4. Click Next. The rotation period cannot be set for shared secrets. Click Next again to confirm the secret information.
  5. Click OK.

    You can view the created secret in the secret list. The default status of a secret is Enabled.

Adding a Secret

  1. Log in to CAE.
  2. Choose System Settings.

    If KMS CMKFullAccess and CSMS ReadonlyAccess are not granted, grant them as the administrator.
    Figure 1 Authorization

  3. Click Edit in the Secret Configuration module.
  4. Click Create Secret. In the displayed dialog box, select the secret created in Creating a DEW Secret and the required version.

    Figure 2 Adding a secret

  5. Click OK.

Configuring an Environment Variable

  1. Choose Component Configurations.
  2. Select the target component.
  3. Click Edit in the Environment Variables module.
  4. Click Add Environment Variable and configure the environment variable by referring to Table 2.

    Table 2 Configuring an environment variable

    Parameter

    Description

    Type

    Select Import secret.

    Name

    Name of an environment variable, for example, test1.

    The name must be unique.

    Variable/Variable Reference

    Select the secret created in Adding a Secret from the drop-down list.
    Figure 3 Configuring an environment variable

  5. Click Save in the Operation column. On the Set Environment Variable page, click OK.
  6. Click Activate Settings in the upper part of the page.

    In the dialog box displayed on the right, confirm the configurations and click OK for the configurations to take effect.

Verifying the Configurations

  1. Choose Instance List.
  2. Select the target environment and application from the drop-down lists in the upper part of the page, and click the target component.
  3. Select the target instance and click Remote Login in the Operation column.
  4. Check the environment variable, which is the same as the secret value in the DEW secret.

    Figure 4 Secret value in DEW
    Figure 5 Environment variable in remote login