Name: secure-credentials-broker
Owner: Cloud Foundry
Description: null
Created: 2018-02-02 18:18:11.0
Updated: 2018-05-13 03:59:20.0
Pushed: 2018-03-29 15:52:37.0
Homepage: null
Size: 9968
Language: Go
NB: This service broker is provided as a proof-of-concept and as a practical example for integrating service brokers with CredHub. It is not actively maintained or intended for deployment or use in production environments.
This broker is a prototype application service broker that lets user-provided credentials be stored securely in CredHub for applications to use. The broker stores the user-provided configuration parameters (the JSON passed on service creation) in CredHub and returns a CredHub reference to the platform rather than the credential values themselves; the platform resolves that reference for the bound application.
For the full process of setting up a local environment using BOSH Lite and Cloud Foundry cf-deployment, please refer to here.
Create a UAA client for the broker with the credhub.read and credhub.write authorities, using uaac (replace my-secret with a secret of your own):

```shell
uaac target https://<your-uaa-domain>
uaac token client get admin
Client secret: <admin-password>
uaac client add secure-credentials-broker -i
New client secret: my-secret
Verify new secret: my-secret
scope (list):
authorized grant types (list): client_credentials
authorities (list): credhub.read,credhub.write
access token validity (seconds): 3600
refresh token validity (seconds):
redirect uri (list):
autoapprove (list):
signup redirect url (url):
  scope: uaa.none
  client_id: secure-credentials-broker
  resource_ids: none
  authorized_grant_types: client_credentials
  autoapprove:
  access_token_validity: 3600
  authorities: credhub.write credhub.read
  name: secure-credentials-broker
  signup_redirect_url:
  required_user_groups:
  lastmodified: 1519917340000
  id: secure-credentials-broker
```
Clone this repo with git clone and edit the manifest file so that it carries the client ID and client secret you created with uaac. For example:
```yaml
  env:
    CREDHUB_SERVER: https://credhub.service.cf.internal:8844
    CREDHUB_CLIENT: secure-credentials-broker
    CREDHUB_SECRET: my-secret
    SKIP_TLS_VALIDATION: true
    BROKER_AUTH_USERNAME: user
    BROKER_AUTH_PASSWORD: password
```
Log in to Cloud Foundry and target an org and space for the broker:

```shell
cf api <your-cf-api-url-goes-here>
cf login
cf create-org myOrg
cf create-space mySpace -o myOrg
cf target -o myOrg -s mySpace
```
Create asg.json with an application security group rule that lets the broker app reach CredHub (8844) and UAA (8443):

```json
[
  {
    "protocol": "tcp",
    "destination": "10.0.0.0/16",
    "ports": "8844,8443"
  }
]
```
Note: please refer to here for the example; the destination must be adjusted to the CIDR of your ERT/PAS network.
Push the broker, apply the security group to staging and running containers so the broker can reach CredHub and UAA, then register the broker and enable access to its service. The username and password passed to create-service-broker must match BROKER_AUTH_USERNAME and BROKER_AUTH_PASSWORD in the manifest (user / password in the example above):

```shell
cf push
cf create-security-group secure-service-credentials asg.json
cf bind-staging-security-group secure-service-credentials
cf bind-running-security-group secure-service-credentials
cf create-service-broker secure-credentials-broker user password https://<your-service-broker-app-url-goes-here>
cf enable-service-access secure-credentials -p default -o myOrg
```
Create a service instance from your broker and bind it to the application that needs the stored credentials:
```shell
cf create-service secure-credentials default myInstance -c '{"myJsonKey":"myJsonValue"}'
cf push myApp   # <your-app-that-talks-to-broker>
cf bind-service myApp myInstance
cf restage myApp
```
Assuming that CredHub is running in assisted mode (the platform resolves CredHub references before the application starts), the application will find the JSON passed at service-instance creation in VCAP_SERVICES under the secure-credentials service entry, rather than the CredHub reference itself.
If you would like to update the data that the application has access to, you can do the following:
```shell
cf update-service myInstance -c '{"updatedKey":"updatedValue"}'
cf restage myApp
```
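The following Go program is an added example and is not code from the secure-credentials-broker project. It ties together the description above (the broker returns a CredHub reference to the platform) and the assisted-mode paragraph: it shows what a bound application should see in VCAP_SERVICES once the platform has resolved the reference (the JSON passed to cf create-service), and it detects the failure mode where CredHub is not in assisted mode and the application receives the unresolved credhub-ref, so that the reference path is never mistaken for the secret itself. The two VCAP_SERVICES documents and the credhub-ref path are constructed for this example; the exact path format is an assumption.

```go
// Added example, not part of the secure-credentials-broker project.
// Reads the credentials of a secure-credentials binding from VCAP_SERVICES
// and refuses to proceed if the CredHub reference was never interpolated.
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
)

// ServiceName is the service offering name used with cf enable-service-access above.
const ServiceName = "secure-credentials"

// vcapService mirrors the fields of a VCAP_SERVICES binding entry that we need.
type vcapService struct {
	Name        string                 `json:"name"`
	Credentials map[string]interface{} `json:"credentials"`
}

// ErrUnresolvedRef is returned when the binding still carries a CredHub
// reference instead of the stored JSON (CredHub not in assisted mode).
var ErrUnresolvedRef = errors.New("credentials contain an unresolved credhub-ref: CredHub interpolation (assisted mode) did not run")

// CredentialsFor parses a VCAP_SERVICES document and returns the credentials
// map of the first binding of the given service offering.
func CredentialsFor(vcapServices string, service string) (map[string]interface{}, error) {
	var services map[string][]vcapService
	if err := json.Unmarshal([]byte(vcapServices), &services); err != nil {
		return nil, fmt.Errorf("parsing VCAP_SERVICES: %w", err)
	}
	bindings, ok := services[service]
	if !ok || len(bindings) == 0 {
		return nil, fmt.Errorf("no binding for service %q", service)
	}
	creds := bindings[0].Credentials
	// The broker returned {"credhub-ref": "/c/..."} and nothing replaced it
	// before the app started: do not hand a reference path to the caller as
	// if it were a credential.
	if ref, present := creds["credhub-ref"]; present {
		return nil, fmt.Errorf("%w (%v)", ErrUnresolvedRef, ref)
	}
	return creds, nil
}

// Constructed sample inputs (not captured from a real platform).
// After `cf create-service secure-credentials default myInstance -c '{"myJsonKey":"myJsonValue"}'`
// and interpolation, the app sees the stored JSON:
const resolvedVCAP = `{"secure-credentials":[{"name":"myInstance","credentials":{"myJsonKey":"myJsonValue"}}]}`

// Without assisted mode the app sees only the reference the broker returned
// (the path format here is an assumption for illustration):
const unresolvedVCAP = `{"secure-credentials":[{"name":"myInstance","credentials":{"credhub-ref":"/c/secure-credentials-broker/secure-credentials/<binding-guid>/credentials"}}]}`

func main() {
	vcap := os.Getenv("VCAP_SERVICES")
	if vcap == "" {
		// Outside Cloud Foundry fall back to the constructed sample.
		vcap = resolvedVCAP
	}
	creds, err := CredentialsFor(vcap, ServiceName)
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Println("credentials:", creds)
}
```

Run it inside the bound app (or with VCAP_SERVICES set to the unresolved sample) to confirm which of the two cases your foundation produces; an ErrUnresolvedRef at startup is the quickest sign that interpolation is not configured.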