wso2 / product-microgateway

Choreo Connect is a cloud-native, open-source, and developer-centric API gateway.
https://wso2.com/choreo/choreo-connect/
Apache License 2.0

Encrypting passwords in micro gateway (Docker) #3513

Closed chashikajw closed 1 month ago

chashikajw commented 1 month ago

Description

The issue is that the container created using the built image doesn't start up properly when the "ballerinaKeystore" and "ballerinaTruststore" passwords are encrypted for the Docker environment in Microgateway. However, it functions as expected in the VM-based approach.

Steps to Reproduce

  1. First, go to the /lib/platform/bin folder and execute the following command:
    ./ballerina encrypt
  2. Enter the value which you need to encrypt with a secret.
  3. After entering both values, you will get an encryption key as below.
    <key>="@encrypted:{hQJverd9yJi7iF98/gyTkuIjY75gXdcEqmUeEleKRJ4=}"
  4. Open the [PROJECT_HOME]/conf/deployment-config.toml file.
  5. Add the below configurations to copy the secret file to the image.
    [docker.dockerCopyFiles]
    enable = true
    [[docker.dockerCopyFiles.files]]
      source = '/Users/niran/Documents/Tickets/INFORMATICASUB-268/wso2am-micro-gw-toolkit-macos-3.2.0/resources/conf/micro-gw.conf'
      target = '/home/ballerina/conf/micro-gw.conf'
      isBallerinaConf = true
    [[docker.dockerCopyFiles.files]]
      source = '/Users/niran/Documents/Tickets/INFORMATICASUB-268/secret.txt'
      target = '/home/ballerina/secret.txt'
      isBallerinaConf = false
  6. Then change the CMD parameter.
    cmd = 'CMD gateway  --b7a.config.secret=/home/ballerina/secret.txt'
  7. Build the image.

When trying out the above approach, we could see that the image is not starting up properly.

Version

Microgateway 3.2.0

Related Issues

https://github.com/wso2/api-manager/issues/2886
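
A pre-build consistency check for the wiring described in the steps above, as an added example that is not part of the original issue or of the Microgateway project, and that does not diagnose the reported startup failure. It verifies that every `@encrypted:{...}` value is well-formed base64 and that the file named by `--b7a.config.secret` is actually copied into the image. The function name, the sample key names and the sample paths are constructed for illustration.

```python
import base64
import binascii
import re

ENCRYPTED = re.compile(r"@encrypted:\{([^}]*)\}")
SECRET_FLAG = re.compile(r"--b7a\.config\.secret=([^\s'\"]+)")
COPY_TARGET = re.compile(r"^\s*target\s*=\s*['\"]([^'\"]+)['\"]", re.M)


def check_secret_wiring(deployment_toml, conf_text):
    """Return a list of findings; an empty list means the wiring is consistent."""
    findings = []
    encrypted = ENCRYPTED.findall(conf_text)
    for payload in encrypted:
        try:
            base64.b64decode(payload, validate=True)
        except (binascii.Error, ValueError):
            findings.append("malformed @encrypted payload: %r" % payload)
    if not encrypted:
        return findings  # no encrypted values, so no secret file is required
    flag = SECRET_FLAG.search(deployment_toml)
    if flag is None:
        findings.append("conf has encrypted values but cmd lacks --b7a.config.secret")
        return findings
    # The path given to the runtime must be one of the files copied into the image.
    if flag.group(1) not in COPY_TARGET.findall(deployment_toml):
        findings.append("secret file %s is not a dockerCopyFiles target" % flag.group(1))
    return findings


# Constructed sample inputs (key names and source paths are assumptions).
SAMPLE_CONF = '''
[listenerConfig]
keyStorePassword = "@encrypted:{hQJverd9yJi7iF98/gyTkuIjY75gXdcEqmUeEleKRJ4=}"
trustStorePassword = "@encrypted:{hQJverd9yJi7iF98/gyTkuIjY75gXdcEqmUeEleKRJ4=}"
'''
SAMPLE_DEPLOYMENT = '''
[docker.dockerCopyFiles]
enable = true
[[docker.dockerCopyFiles.files]]
  source = '/path/to/secret.txt'
  target = '/home/ballerina/secret.txt'
  isBallerinaConf = false
cmd = 'CMD gateway --b7a.config.secret=/home/ballerina/secret.txt'
'''

if __name__ == "__main__":
    for line in check_secret_wiring(SAMPLE_DEPLOYMENT, SAMPLE_CONF) or ["wiring is consistent"]:
        print(line)
```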