Using a key vault in Docker (TPP only)

To keep credentials and certificate passwords out of the Docker configuration, the TPP can have these values read from an Azure Key Vault at runtime instead of storing them in config.json.

To use it, the TPP adds a new "settingsConnectionStrings" section at the root of the config.json file. It may contain multiple connection strings, each with the format "<vaultType>;<vaultURL>". Example:

{
  "settingsConnectionStrings": {
    "connection1": "<vaultType>;<vaultURL>",
    "connection2": "<vaultType>;<vaultURL>"
  }
}

Currently the only supported vaultType is "AzureKeyVault".

To use an object from your vault, reference it with the format "$<connectionName>;<keyVaultPropertyName>", where connectionName is one of the names declared under "settingsConnectionStrings" and keyVaultPropertyName is the name of the object in that vault.

Example:

{
  "defaultBankSettings": {
    "ncaId": "$connection1;ncaId",
    "appClientId": "$connection1;appClientId",
    "appClientSecret": "$connection1;appClientSecret",
    "tlsCertificateName": "$connection2;tlsCertificateName",
    "tlsCertificatePassword": "$connection2;tlsCertificatePassword",
    "signingCertificateName": "$connection2;signingCertificateName",
    "signingCertificatePassword": "$connection2;signingCertificatePassword"
  }
}

The same format can also be used to fetch a full settings object: send it as "bankSettingsCode" in the request model, and the service will read a JSON object containing all the necessary settings from your key vault.

E.g., in the model you send in the request, model.bankSettingsCode equals "$connection2;settings-BE-BNP", and in the vault behind "connection2" you have defined an object "settings-BE-BNP" whose value is the JSON string '{ "ncaId": "XYZ", "appClientId": "123"... }'.

A plain value in "bankSettingsCode" (without the "$" prefix) can also be used to select a pre-set settings section from the config.json file.

E.g., in the model you send in the request, model.bankSettingsCode equals "settings-BE-BNP", and in your config.json you define:

{
  ...
  "settings-BE-BNP": {
    "ncaId": "$connection1;ncaId",
    "appClientId": "$connection1;appClientId",
    "appClientSecret": "$connection1;appClientSecret",
    "tlsCertificateName": "$connection2;tlsCertificateName",
    "tlsCertificatePassword": "$connection2;tlsCertificatePassword",
    "signingCertificateName": "$connection2;signingCertificateName",
    "signingCertificatePassword": "$connection2;signingCertificatePassword"
  }
  ...
}
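The resolution scheme described above, worked through end to end as an added example (this is not the project's own code): it parses "settingsConnectionStrings", resolves "$<connectionName>;<keyVaultPropertyName>" references, and handles both forms of "bankSettingsCode". The vault URLs, secret names and secret values are constructed for the example, and InMemoryVault stands in for the Azure SDK's SecretClient so that it runs offline. Two choices go beyond what the page states and are assumptions: references inside a settings object fetched from the vault are resolved as well, and an unknown connection name or unsupported vaultType is treated as an error rather than passed through as a literal.

```python
# Added example (not the project's code): resolve config.json key vault references.
# Assumption: production lookups would go through azure.keyvault.secrets.SecretClient
# (get_secret(name).value); InMemoryVault stands in for that client so this runs offline.
import json
from typing import Any, Callable, Dict, Optional, Tuple

SUPPORTED_VAULT_TYPES = {"AzureKeyVault"}  # the only vaultType the page documents


class InMemoryVault:
    """Stand-in for the Key Vault SecretClient, backed by a dict of constructed secrets."""
    def __init__(self, vault_url: str, secrets: Dict[str, str]) -> None:
        self.vault_url, self._secrets = vault_url, secrets

    def get_secret(self, name: str) -> str:
        if name not in self._secrets:
            raise KeyError(f"secret {name!r} not found in {self.vault_url}")
        return self._secrets[name]


def parse_connection_string(value: str) -> Tuple[str, str]:
    """Split "<vaultType>;<vaultURL>", rejecting malformed or unsupported entries."""
    vault_type, sep, vault_url = value.partition(";")
    if not sep or not vault_url:
        raise ValueError(f"malformed connection string: {value!r}")
    if vault_type not in SUPPORTED_VAULT_TYPES:
        raise ValueError(f"unsupported vaultType: {vault_type!r}")
    return vault_type, vault_url


def parse_reference(value: Any) -> Optional[Tuple[str, str]]:
    """Return (connectionName, propertyName) for a "$<conn>;<prop>" string, else None."""
    if not isinstance(value, str) or not value.startswith("$"):
        return None
    conn, sep, prop = value[1:].partition(";")
    if not sep or not conn or not prop:
        raise ValueError(f"malformed key vault reference: {value!r}")
    return conn, prop


class SettingsResolver:
    def __init__(self, config: Dict[str, Any], vault_factory: Callable[[str, str], InMemoryVault]):
        self.config = config
        # One client per settingsConnectionStrings entry, built at startup so a bad
        # connection string fails at boot rather than on the first request.
        self.vaults = {name: vault_factory(*parse_connection_string(conn))
                       for name, conn in config.get("settingsConnectionStrings", {}).items()}

    def fetch(self, reference: str) -> str:
        """Read the vault object a "$<conn>;<prop>" reference points to."""
        parsed = parse_reference(reference)
        if parsed is None:
            raise ValueError(f"not a key vault reference: {reference!r}")
        conn, prop = parsed
        if conn not in self.vaults:  # fail closed: never guess a vault for an unknown name
            raise KeyError(f"unknown connection {conn!r}")
        return self.vaults[conn].get_secret(prop)

    def resolve(self, value: Any) -> Any:
        """Recursively replace references inside dicts, lists and strings."""
        if isinstance(value, dict):
            return {k: self.resolve(v) for k, v in value.items()}
        if isinstance(value, list):
            return [self.resolve(v) for v in value]
        return self.fetch(value) if parse_reference(value) is not None else value

    def bank_settings(self, code: str) -> Dict[str, Any]:
        """Resolve the request's bankSettingsCode in either of its two documented forms."""
        if parse_reference(code) is not None:
            settings = json.loads(self.fetch(code))  # vault object holds the block as a JSON string
        else:
            settings = self.config.get(code)  # plain name: a pre-set section of config.json
        if not isinstance(settings, dict):
            raise ValueError(f"bankSettingsCode {code!r} did not yield a settings object")
        return self.resolve(settings)  # assumption: references inside the block are resolved too


# Constructed sample data standing in for two real vaults and a config.json.
SAMPLE_SECRETS: Dict[str, Dict[str, str]] = {
    "https://tpp-app.vault.azure.net/": {
        "ncaId": "PSDBE-NBB-000001", "appClientId": "client-123", "appClientSecret": "s3cr3t"},
    "https://tpp-certs.vault.azure.net/": {
        "tlsCertificateName": "tls-cert", "tlsCertificatePassword": "tls-pw",
        "signingCertificateName": "sign-cert", "signingCertificatePassword": "sign-pw",
        "settings-BE-BNP": json.dumps({"ncaId": "PSDBE-NBB-000002", "appClientId": "client-456"})},
}
SAMPLE_CONFIG: Dict[str, Any] = {
    "settingsConnectionStrings": {"connection1": "AzureKeyVault;https://tpp-app.vault.azure.net/",
                                  "connection2": "AzureKeyVault;https://tpp-certs.vault.azure.net/"},
    "settings-BE-BNP": {
        "ncaId": "$connection1;ncaId", "appClientId": "$connection1;appClientId",
        "appClientSecret": "$connection1;appClientSecret",
        "tlsCertificateName": "$connection2;tlsCertificateName",
        "tlsCertificatePassword": "$connection2;tlsCertificatePassword",
        "signingCertificateName": "$connection2;signingCertificateName",
        "signingCertificatePassword": "$connection2;signingCertificatePassword"},
}


def make_example_resolver() -> SettingsResolver:
    return SettingsResolver(SAMPLE_CONFIG, lambda _t, url: InMemoryVault(url, SAMPLE_SECRETS[url]))


if __name__ == "__main__":
    r = make_example_resolver()
    print(json.dumps(r.bank_settings("settings-BE-BNP"), indent=2))
    print(json.dumps(r.bank_settings("$connection2;settings-BE-BNP"), indent=2))
```

Running the file prints both resolved settings blocks: the pre-set "settings-BE-BNP" section with every "$connection...;..." reference replaced by the corresponding vault value, and the block read as a JSON string from the "connection2" vault. Because bankSettingsCode arrives in the request, the resolver fails closed: a reference to a connection that is not declared in config.json raises instead of falling back to a literal, and a code that does not yield a JSON object is rejected.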