Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

There may be many situations in your implementation where you’d need to use credentials to send an API request or login to an external database or system.

It is essential for the security of your operations to be able to with credentials without making them visible to all users and developers.

Credential definitions

The credentials are expected to be stored in the kbot.conf configuration files, which may exist at multiple levels, for the settings to be specific to a particular bot instance, or shared between multiple instances.

These configuration files are typically edited by customers, using the DevOps / Deployment view:

When you click on the Apply button, all passwords and secrets are automatically encrypted.

(question) The rule is that any variable name ending with _password or _secret is encrypted.

Unsecure setup

Here is an example of the configuration of typical configuration data

# App Integration
one_app_api = https://one-app.company.com/rest/api/v2/
one_app_authorization = Basic amlyYWlsjflskjdf

That you may then be able to use in either a Workflow node such as the Web Service node, or using python script, for example: 

    headers = {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'Authorization': Bot.Bot().GetConfig("jira_authorization")
    }
    url = Bot.Bot().GetConfig("one_app_api") + "search?username={email}"
    response = requests.get(url, headers=headers)

In the above, your code is not secured in that anyone having access to the back office could see the authorisation credentials.

Secure setup

By default, the bot will automatically encryp in the configuration files all the variables ending with _password or _secret. So rename your sensitive variables accordingly: 

# App Integration
one_app_api = https://one-app.company.com/rest/api/v2/
one_app_authorization_secret = Basic amlyYWlsjflskjdf

When saved, the file will then look like this: 

# App Integration
one_app_api = https://one-app.company.com/rest/api/v2/
one_app_authorization_secret = JZVf4hamtMf1+WOEBe2X+XG4zRCbD5su+P8FnCo7YutJE2nxSWp7Qq5d9Ycu9qVn=

Then inside the code, use the GetSecretConfig to retrieve the data you need. 

    headers = {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'Authorization': Bot.Bot().GetSecretConfig("jira_authorization_secret")
    }
    url = Bot.Bot().GetConfig("one_app_api") + "search?username={email}"
    response = requests.get(url, headers=headers)

  • No labels