Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Restrict Developer Console OAuth API Credentials to enable only AEMaaCS Prod instance Environment variables

Avatar

Level 2

Hi,

 

I'm using AIO Java SDK which uses OAuth Credentials and setting Environment variables.

 

Its working for Non prod and Prod.

 

But how to restrict the OAuth API Credentials to work only for Prod.?

 

 

 

Thanks,

Bhargav

1 Accepted Solution

Avatar

Correct answer by
Level 2

Correct Answer:

Open the AEM Cloud Service Developer Console by accessing the URL provided by your AEM Cloud Service environment.

  1. Log in to the Developer Console using your Adobe ID credentials.

  2. Once logged in, navigate to the "API Credentials" section or a similar section that allows you to manage API credentials.

  3. In the API Credentials section, you should see a list of existing credentials or an option to create new credentials. Locate the credentials for which you want to assign a non-prod environment profile.

  4. Edit the specific credentials you want to assign a non-prod environment profile to.

  5. Look for an option or field that allows you to specify the environment profile for the credentials. It might be labeled as "Environment Profile" or similar.

  6. Select the non-prod environment profile from the available options. The exact names and options will depend on your AEM Cloud Service configuration.

  7. Save or update the credentials to apply the changes.

By assigning the non-prod environment profile to the API credentials, you are specifying that these credentials are intended for non-production environments, such as development or testing environments. This can help differentiate and manage credentials specifically for non-prod environments within the AEM Cloud Service Developer Console.

View solution in original post

4 Replies

Avatar

Community Advisor

hello @bhargavthogata111 

 

In what context are you using the OAuth credentials from https://developer.adobe.com/console in AEM?


Aanchal Sikka

Avatar

Level 2

@aanchal-sikka 

I have created a custom Maven plugin (Ex: as in https://www.baeldung.com/maven-plugin) and i'm using aio-lib-java-cloudmanager (  https://github.com/adobe/aio-lib-java-cloudmanager/tree/main ) maven dependency in POM and used the OAuth credentials created in developer console in this SDK .

In Bamboo i'm using Maven task and configured this maven plugin. I'm reading client id, client secret from Bamboo variables.. Able to set environment variables,  run pipelines from Bamboo.The same OAuth credentials are working for Non Prod and Prod. 

 

I want to create a seperate Bamboo job for Non prod and Prod. So that i can have restrictive access to Prod. But the same OAuth credentials are able to set environment variables for Prod, Non Prod as well.

 

I don't see any way in Developer Console to control access to these OAuth credentials to work only for Non Prod and work only for Prod like that.

Avatar

Community Advisor

@bhargavthogata111 

 

I guess you would have Cloud Manager API bound to this credential, like below:

 

aanchalsikka_0-1687757591395.png

 

Can you try removing the "Business Owner - Cloud Service" from the Product profile and see if you can still access PROD?

 

 


Aanchal Sikka

Avatar

Correct answer by
Level 2

Correct Answer:

Open the AEM Cloud Service Developer Console by accessing the URL provided by your AEM Cloud Service environment.

  1. Log in to the Developer Console using your Adobe ID credentials.

  2. Once logged in, navigate to the "API Credentials" section or a similar section that allows you to manage API credentials.

  3. In the API Credentials section, you should see a list of existing credentials or an option to create new credentials. Locate the credentials for which you want to assign a non-prod environment profile.

  4. Edit the specific credentials you want to assign a non-prod environment profile to.

  5. Look for an option or field that allows you to specify the environment profile for the credentials. It might be labeled as "Environment Profile" or similar.

  6. Select the non-prod environment profile from the available options. The exact names and options will depend on your AEM Cloud Service configuration.

  7. Save or update the credentials to apply the changes.

By assigning the non-prod environment profile to the API credentials, you are specifying that these credentials are intended for non-production environments, such as development or testing environments. This can help differentiate and manage credentials specifically for non-prod environments within the AEM Cloud Service Developer Console.