Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configurable API Key K8s secret key name #360

Open
guicassolato opened this issue Oct 27, 2022 · 0 comments · May be fixed by #488
Open

Configurable API Key K8s secret key name #360

guicassolato opened this issue Oct 27, 2022 · 0 comments · May be fixed by #488
Assignees
@KevFan
Labels
area/api area/implementation kind/enhancement New feature or request participation/good first issue Good for newcomers size/small
Milestone
v0.19.x

Comments

@guicassolato
Copy link
Collaborator

API Key values currently need to be stored in a key necessarily named as api_key within the Kubernetes Secret resource. It would be nice:

  1. to be able to customise the name of this key within the secret; perhaps
  2. making possible to provide multiple name options.

E.g.:

apiVersion: authorino.kuadrant.io/v1beta1
kind: AuthConfig
metadata:
  name: my-api-protection
spec:
  hosts: [...]
  identity:
  - name: friends
    apiKey:
      selector:
        matchLabels:
          group: friends
      keySelectors:
      - first-api-key-value
      - second-api-key-value
    credentials:
      in: authorization_header
      keySelector: APIKEY

So a Kubernetes as such could be defined:

apiVersion: v1
kind: Secret
metadata:
  name: api-key-1
  labels:
    authorino.kuadrant.io/managed-by: authorino
    group: friends
stringData:
  first-api-key-value: secret
  second-api-key-value: other-secret
type: Opaque

Point number 1 above helps with avoiding the strict constraint on the name and implications such as in some case not being able to use the same Kubernetes Secret resource that stores the API key for other purposes or for different AuthConfigs (with different API key secret values).

And, by supporting multiple valid key names (point number 2 above), that Authorino would try in order when reading the secret value of the API key (stopping when the first valid key name is found within the Kubernetes Secret), this change would also make it easier to implement key rotation, which otherwise could only be done by creating a new Kubernetes Secret.
@guicassolato guicassolato added the participation/good first issue Good for newcomers label Mar 1, 2023
@guicassolato guicassolato added this to the v0.17.x milestone Dec 19, 2023
@guicassolato guicassolato modified the milestones: v0.17.x, v0.18.x Feb 22, 2024
@guicassolato guicassolato modified the milestones: v0.18.x, v0.19.x Aug 21, 2024
@KevFan KevFan self-assigned this Sep 18, 2024
@KevFan KevFan moved this from Todo to In Progress in Kuadrant Sep 18, 2024
@KevFan KevFan linked a pull request Sep 18, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KevFan KevFan

Labels
area/api area/implementation kind/enhancement New feature or request participation/good first issue Good for newcomers size/small
Projects
Kuadrant
Status: In Progress
Kuadrant Service Protection
Status: No status
Milestone
v0.19.x
Development

Successfully merging a pull request may close this issue.

feat: configurable API Key K8s secret key name KevFan/authorino
2 participants
@guicassolato @KevFan