AEM cloud, how to deploy secret client settings without putting them in GIT?

Avatar

Avatar
Affirm 5
Level 4
TB3dock
Level 4

Likes

37 likes

Total Posts

223 posts

Correct reply

5 solutions
Top badges earned
Affirm 5
Ignite 10
Boost 25
Give Back 25
Validate 10
View profile

Avatar
Affirm 5
Level 4
TB3dock
Level 4

Likes

37 likes

Total Posts

223 posts

Correct reply

5 solutions
Top badges earned
Affirm 5
Ignite 10
Boost 25
Give Back 25
Validate 10
View profile
TB3dock
Level 4

06-07-2021

The standard way to add env. specific config settings is to use OSGi config files and the editor. The problem is that the editor is disabled for Cloud.   If we put secrets in git, any developer can access production systems.

 

how can we get round this?  Is there a standard out of the box way to include env specific values which are not in Git, which the backend devs can use for integrating with banking systems etc?

 

This page:

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/implementing/deploying/conf...

Says this:

When to use secret environment-specific configuration values

Adobe Experience Manager as a Cloud Service requires the use of environment-specific configurations ($[secret:SECRET_VAR_NAME]) for any secret OSGi configuration values, such as passwords, private API keys, or any other values that cannot be stored in Git for security reasons.

Use secret environment-specific configurations to store the value for secrets on all Adobe Experience Manager as a Cloud Service environments, including Stage and Production.

 

So there appears to be a mechanism, but there is no mention of how this mechanism works or is used. how do we set the values?

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Affirm 100
MVP
shelly-goel
MVP

Likes

246 likes

Total Posts

409 posts

Correct reply

105 solutions
Top badges earned
Affirm 100
Give Back 25
Ignite 3
Give Back 10
Validate 1
View profile

Avatar
Affirm 100
MVP
shelly-goel
MVP

Likes

246 likes

Total Posts

409 posts

Correct reply

105 solutions
Top badges earned
Affirm 100
Give Back 25
Ignite 3
Give Back 10
Validate 1
View profile
shelly-goel
MVP

06-07-2021

@TB3dock  Please use the syntax provided in the link you shared to use a variable (secret or dev env variable) in your config and set these values using cloud manager

https://github.com/adobe/aio-cli-plugin-cloudmanager#aio-cloudmanagerenvironmentset-variables-enviro...

Answers (2)

Answers (2)

Avatar

Avatar
Applaud 25
Level 10
asutosh_jena
Level 10

Likes

593 likes

Total Posts

705 posts

Correct reply

206 solutions
Top badges earned
Applaud 25
Give Back 100
Boost 500
Affirm 100
Ignite 1
View profile

Avatar
Applaud 25
Level 10
asutosh_jena
Level 10

Likes

593 likes

Total Posts

705 posts

Correct reply

206 solutions
Top badges earned
Applaud 25
Give Back 100
Boost 500
Affirm 100
Ignite 1
View profile
asutosh_jena
Level 10

06-07-2021

Hi @TB3dock 

 

You can set the environment specific values using either API or using the command Line.

Please see the below links for more details about API and Command Line:

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/implementing/deploying/conf...

https://experienceleague.adobe.com/docs/experience-manager-cloud-service/implementing/deploying/conf...

 

Thanks!

Avatar

Avatar
Springboard
Level 7
KiranVedantam1992
Level 7

Likes

190 likes

Total Posts

207 posts

Correct reply

60 solutions
Top badges earned
Springboard
Give Back 5
Ignite 1
Affirm 50
Validate 1
View profile

Avatar
Springboard
Level 7
KiranVedantam1992
Level 7

Likes

190 likes

Total Posts

207 posts

Correct reply

60 solutions
Top badges earned
Springboard
Give Back 5
Ignite 1
Affirm 50
Validate 1
View profile
KiranVedantam1992
Level 7

06-07-2021

Hi @TB3dock,

 

You can use the context-aware configurations to add these values into any environment. Please note that these can be authored as well as sent via code.

 

https://sling.apache.org/documentation/bundles/context-aware-configuration/context-aware-configurati...

 

Thanks,

Kiran Vedantam.