square / keywhiz

A system for distributing and managing secrets
https://square.github.io/keywhiz/
Apache License 2.0

How to customize keywhiz server to authenticate with username and password to consume any service? #122

Closed hshyamh4 closed 9 years ago

hshyamh4 commented 9 years ago

I want to consume a service which has to give me a secret by taking a user name and password.

sul3n3t commented 9 years ago

Reading secret content by authenticating with a password is not supported.

hshyamh4 commented 9 years ago

@sul3n3t

If I want to customize Keywhiz to authenticate a username and password for consuming a secret, then what and where do I need to customize the application?

sul3n3t commented 9 years ago

It's not currently supported to access secret content with a username/password combination. I recommend using strong authentication, like client certificates.

However, you can customize and add something that will do that. Create your own REST endpoint, similar to `keywhiz.service.resources.SecretDeliveryResource`, which is pretty simple. Register it with Jersey in an `io.dropwizard.Bundle`. Lastly, register your custom bundle with Keywhiz:

```java
// Build the Keywhiz service and the Dropwizard server command that runs it.
KeywhizService keywhizService = new KeywhizService();
Command serverCommand = new ServerCommand<>(keywhizService);
Bootstrap<KeywhizConfig> bootstrap = new Bootstrap<>(keywhizService);
bootstrap.addCommand(serverCommand);
// Register the custom bundle before initializing the service.
bootstrap.addBundle(someCustomBundle);
keywhizService.initialize(bootstrap);
serverCommand.run(...)
```
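The bundle approach described in the last reply, as an added example that is not Keywhiz code and not code from this thread. `PasswordSecretBundle`, its `Store` interface, the `/custom/secret/{name}` path and the PBKDF2 parameters are assumptions made for illustration; the Dropwizard `Bundle` and Jersey registration calls and the JDK classes are the only real APIs used.

```java
import io.dropwizard.Bundle;
import io.dropwizard.setup.Bootstrap;
import io.dropwizard.setup.Environment;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;

/** Hypothetical bundle that registers a Basic-auth secret endpoint with Jersey. */
public class PasswordSecretBundle implements Bundle {
  /** Hypothetical store: back it with your own credential and secret lookups. */
  public interface Store {
    byte[] salt(String user);                    // null when the user is unknown
    byte[] passwordHash(String user);            // 32-byte PBKDF2 output saved at enrolment
    String secretFor(String user, String name);  // null when the user has no grant
  }
  private final Store store;
  public PasswordSecretBundle(Store store) { this.store = store; }

  @Override public void initialize(Bootstrap<?> bootstrap) {}
  @Override public void run(Environment env) { env.jersey().register(new Resource()); }

  @Path("/custom/secret/{name}")  // hypothetical path
  public class Resource {
    @GET @Produces("text/plain")
    public Response get(@HeaderParam("Authorization") String auth,
                        @PathParam("name") String name) throws Exception {
      String user = null; char[] pw = {'x'};  // dummy password when parsing fails
      try {  // expect "Basic base64(user:password)"
        if (!auth.startsWith("Basic ")) throw new IllegalArgumentException();
        String d = new String(Base64.getDecoder().decode(auth.substring(6)), StandardCharsets.UTF_8);
        user = d.substring(0, d.indexOf(':'));
        pw = d.substring(d.indexOf(':') + 1).toCharArray();
      } catch (RuntimeException e) { user = null; /* missing or malformed header: 401 below */ }
      byte[] salt = user == null ? null : store.salt(user);
      byte[] want = salt == null ? new byte[32] : store.passwordHash(user);
      // Always run PBKDF2, even for unknown users, so timing does not reveal valid names.
      byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
          .generateSecret(new PBEKeySpec(pw, salt == null ? new byte[16] : salt, 210_000, 256))
          .getEncoded();
      if (salt == null || !MessageDigest.isEqual(got, want))  // constant-time comparison
        return Response.status(401).header("WWW-Authenticate", "Basic realm=\"keywhiz\"").build();
      String secret = store.secretFor(user, name);
      return secret == null ? Response.status(404).build() : Response.ok(secret).build();
    }
  }
}
```

An instance of this class takes the place of `someCustomBundle` in the `bootstrap.addBundle(...)` call.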