Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

AEM as a Cloud service - Crypto support

Avatar

Avatar
Boost 3
Level 1
bartek__w
Level 1

Likes

3 likes

Total Posts

10 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Boost 3
Level 1
bartek__w
Level 1

Likes

3 likes

Total Posts

10 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Boost 1
Affirm 1
View profile
bartek__w
Level 1

03-05-2021

Hi,

 

I am investigating ways of working for new AEM as a Cloud Service. One of the common features used in AEM projects was Crypo support that allowed to encrypt any secret as password, API key and keep it in the repository in OSGI config. Usually we shared one crypto key pair for our test envs and then used another keys on stg/prod. Encrypting was done manually on the instance.

 

Could you please help me and explain how it should be done in AEM as a Cloud ? I can see that local development did not change much but how this should be handled for environments hosted by Adobe (dev/stg/prod) ? In the documentation I see that cloudsetup takes care of automatically reusing the environment-specific CryptoKey but what is the correct way to encrypt given secret? As I see there is no access to /system/console anymore so I do not see a way to do that.

 

Thanks for your help,

Cheers

 
AEM cloud manager cloud service crypto osgi

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Coach
Employee
jbrar
Employee

Likes

387 likes

Total Posts

869 posts

Correct Reply

283 solutions
Top badges earned
Coach
Establish
Give Back 50
Give Back 5
Give Back 3
View profile

Avatar
Coach
Employee
jbrar
Employee

Likes

387 likes

Total Posts

869 posts

Correct Reply

283 solutions
Top badges earned
Coach
Establish
Give Back 50
Give Back 5
Give Back 3
View profile
jbrar
Employee

04-05-2021

I would recommend logging a support ticket in this case. The support team can reach out to Adobe Engineering for detailed explanation

Answers (3)

Answers (3)

Avatar

Avatar
Boost 3
Level 1
bartek__w
Level 1

Likes

3 likes

Total Posts

10 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Boost 3
Level 1
bartek__w
Level 1

Likes

3 likes

Total Posts

10 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Boost 1
Affirm 1
View profile
bartek__w
Level 1

06-05-2021

I found another documentation that states that on envs managed via Cloud Manager a special env-related variables can be used for secrets and regular configurations like.

 

{
"connection.timeout": 1000,
"api-key": "$[secret:server-api-key]",
"url": "$[env:server-url]"
}

 

So I far as I understand this is a way to go. On local/on prem envs used for develpmnet a shared crypto key could be used to keep all secrets safe. 

Avatar

Avatar
Boost 3
Level 1
bartek__w
Level 1

Likes

3 likes

Total Posts

10 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Boost 3
Level 1
bartek__w
Level 1

Likes

3 likes

Total Posts

10 posts

Correct Reply

1 solution
Top badges earned
Boost 3
Boost 1
Affirm 1
View profile
bartek__w
Level 1

04-05-2021

Hi @krishna_chaita2, thanks for the answer but I am still not sure how this should be handled on AEM as a Cloud environment. 

 

I can configure the key locally and then encrypt secrets using /system/console/crypto on my local instance and resuse this key pair on all development instances that we create manually but how that is related to the key that is used for encryption on AEM as a cloud service dev/stage/prod (I do not see option to use /system/console/crypto to get actual encrypted value).

 

What steps should be taken to encrypt some API key for prod and put the encrypted value inside the OSGI config that will be later deployed via Cloud manager ? Should it be encrypted separately for author and publish ?

 

Avatar

Avatar
Applaud 5
Level 2
krishna_chaita2
Level 2

Likes

12 likes

Total Posts

44 posts

Correct Reply

0 solutions
Top badges earned
Applaud 5
Give Back 3
Boost 10
Boost 5
Give Back
View profile

Avatar
Applaud 5
Level 2
krishna_chaita2
Level 2

Likes

12 likes

Total Posts

44 posts

Correct Reply

0 solutions
Top badges earned
Applaud 5
Give Back 3
Boost 10
Boost 5
Give Back
View profile
krishna_chaita2
Level 2

04-05-2021

@bartek__w 

 

if we configure the crypto keys for the local environment as per the procedure documented in below article that will be enough. It will be taken care of automatically, once your application deployed to the Cloud environment.

If you already validated this procedure and not working,  reach out Adobe support through case.

 

Crypto key configuration Procedure

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/implementing/developing/aem...

 

Adobe AEM Support Help document.

https://helpx.adobe.com/enterprise/admin-guide.html/enterprise/using/support-for-experience-cloud.ug...

 

Thanks

K Chaitanya