API7 Enterprise v3.2.16.3 Integrates with AWS Secrets Manager

Zhihuang Lin

November 7, 2024

API7 Enterprise v3.2.16 officially introduced secret providers. This feature lets sensitive information stored in external secret management services be referenced as variables within API7 Enterprise, so the values themselves do not have to be stored in the gateway configuration. Version v3.2.16.1 added integration with HashiCorp Vault, and the current update adds support for AWS Secrets Manager.

How to Integrate with AWS Secrets Manager?

1. Adding a Secret Provider

In the API7 dashboard, select AWS Secrets Manager as the secret manager and fill in the corresponding configuration details.

Configure AWS Secret Provider in API7 Enterprise

  • Region: The AWS region to which requests are sent. This parameter is required for requests to AWS services.

  • Endpoint URL: If users need to interact with a local development environment, test environment, or other custom AWS deployments, they can specify a custom Endpoint URL to bypass the default regional selection for more flexible access.

  • Access Key ID and Secret Access Key: These are the AWS user's access credentials used for authentication.

  • Session Token: A short-lived temporary security credential suitable for scenarios requiring temporary access to AWS resources. Users can use it in automation scripts or third-party applications to gain temporary access.

2. Viewing the Secret Provider

Once the secret provider is created, users can view the configuration details and concatenated variables on its detail page.

View AWS Secret Provider in API7 Enterprise

3. Referencing Secret Variables

After successfully creating the secret provider, users can reference sensitive data stored in external systems in various API7 Enterprise resources as variables. The $secret_name and $key within the variable should be replaced with the corresponding secret names and key values to ensure correct data referencing.

Reference Secrets from AWS Secrets Manager

Additionally, in non-form pages (such as the plugin editor), users can directly input the value of the secret variable as a string into fields that support Secret references.

Configure Secrets When Enabling Plugins

For detailed usage instructions on secret providers, please refer to the related Secrets Documentation for API7 Enterprise.
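
The Access Key ID and Secret Access Key entered in step 1 should belong to an IAM identity that can read only the secrets the gateway references. The following is an added example, not API7 code, that builds such a policy; it assumes the gateway only needs secretsmanager:GetSecretValue, and the account ID and secret names are constructed placeholders.

```python
import json
import re

# AWS appends a hyphen and six random characters to every secret ARN, so
# "-??????" matches exactly one secret without needing its full ARN.
ARN_SUFFIX = "-??????"
# Characters Secrets Manager allows in a secret name (no "*" or "?").
NAME_RE = re.compile(r"[A-Za-z0-9/_+=.@-]{1,512}")


def read_only_policy(region, account_id, secret_names):
    """Build an IAM policy that can only read the named secrets in one region."""
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d", region):
        raise ValueError(f"not an AWS region name: {region!r}")
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are 12 digits")
    if not secret_names:
        raise ValueError("list at least one secret; an empty list is not 'all'")
    resources = []
    for name in sorted(set(secret_names)):
        # Rejecting anything outside the allowed set also rejects wildcards,
        # so a caller cannot widen the policy by passing "*" as a name.
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"refusing wildcard or invalid secret name: {name!r}")
        resources.append(
            f"arn:aws:secretsmanager:{region}:{account_id}:secret:{name}{ARN_SUFFIX}"
        )
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "GatewayReadsListedSecretsOnly",
            "Effect": "Allow",
            # Assumption: the gateway only reads secret values.
            "Action": ["secretsmanager:GetSecretValue"],
            "Resource": resources,
        }],
    }


if __name__ == "__main__":
    # Constructed sample values: placeholder account ID and secret names.
    policy = read_only_policy("us-east-1", "123456789012",
                              ["api7/jwt-signing", "api7/upstream-basic-auth"])
    print(json.dumps(policy, indent=2))
```

Attach the resulting policy to the IAM user or role whose credentials are entered in the secret provider form, and use the same region in both places.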

Summary

By integrating AWS Secrets Manager, API7 Enterprise provides users with a more secure and efficient secret management solution, helping them better protect sensitive information. The API7 team will continue to monitor user needs and expand the types and functionalities of Secret Providers, offering more diverse and secure secret management services.

Tags: API Security, Data Security, API7 Enterprise