The Dyadic EKM Security Provider Framework causes an application to be automatically configured to work with a bound Dyadic EKM.
| | |
|---|---|
| **Detection Criterion** | Existence of a single bound Dyadic EKM Security Provider service. The existence of a Dyadic EKM Security service is defined by the `VCAP_SERVICES` payload containing a service whose name, label or tag has `dyadic` as a substring. |
| **Tags** | `dyadic-security-provider=<version>` |
When binding to the Dyadic EKM Security Provider using a user-provided service, it must have a name or tag with `dyadic` in it. The credential payload can contain the following entries:
Name | Description |
---|---|
`ca` | A PEM encoded CA certificate |
`key` | A PEM encoded client private key |
`recv_timeout` | A timeout for receiving data (in milliseconds) |
`retries` | The number of times to retry the connection |
`send_timeout` | A timeout for sending data (in milliseconds) |
`servers` | A comma delimited list of servers to connect to |
```json
{
  "ca": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
  "key": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",
  "recv_timeout": 1000,
  "retries": 5,
  "send_timeout": 1000,
  "servers": "test-server-1,test-server-2"
}
```
To create the credentials payload, collapse the JSON payload to a single line and set it as follows:

```bash
$ cf create-user-provided-service dyadic -p '{"ca":"-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----","key":"-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----","recv_timeout":1000,"retries":5,"send_timeout":1000,"servers":"test-server-1,test-server-2"}'
```
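A pre-deployment check for the binding described above, as an added example in Ruby (not the buildpack's own code): it applies the page's detection criterion to a `VCAP_SERVICES` document and sanity-checks the six credential entries. The helper names, the status symbols, the per-entry checks and the choice to flag an absent entry are assumptions of this example; the sample input is constructed.

```ruby
require 'json'

# Sanity checks for the documented credential entries (the checks are this example's own).
MILLIS = ->(v) { v.is_a?(Integer) && v.positive? }
ENTRY_CHECKS = {
  'ca' => ->(v) { v.is_a?(String) && v.include?('-----BEGIN CERTIFICATE-----') },
  'key' => ->(v) { v.is_a?(String) && v.match?(/-----BEGIN (RSA )?PRIVATE KEY-----/) },
  'recv_timeout' => MILLIS,
  'retries' => ->(v) { v.is_a?(Integer) && v >= 0 },
  'send_timeout' => MILLIS,
  'servers' => ->(v) { v.is_a?(String) && !v.empty? && v.split(',', -1).none? { |s| s.strip.empty? } }
}.freeze

# Services whose name, label or any tag contains "dyadic" (the criterion stated on this page).
def dyadic_services(vcap_json)
  JSON.parse(vcap_json).values.flatten.select do |svc|
    [svc['name'], svc['label'], *Array(svc['tags'])].compact.any? { |s| s.include?('dyadic') }
  end
end

# Returns [status, details]; status is :ok, :not_detected, :ambiguous or :bad_credentials.
def check_binding(vcap_json)
  matches = dyadic_services(vcap_json)
  return [:not_detected, []] if matches.empty?
  # The criterion asks for a single bound service, so several substring matches are reported.
  return [:ambiguous, matches.map { |s| s['name'] }] if matches.size > 1

  creds = matches.first['credentials'] || {}
  bad = ENTRY_CHECKS.reject { |name, ok| creds.key?(name) && ok.call(creds[name]) }.keys
  bad.empty? ? [:ok, []] : [:bad_credentials, bad]
end

# Constructed sample input: a VCAP_SERVICES document built around the page's example payload.
def sample_vcap(overrides = {}, extra_services = [])
  creds = { 'ca' => "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
            'key' => "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",
            'recv_timeout' => 1000, 'retries' => 5, 'send_timeout' => 1000,
            'servers' => 'test-server-1,test-server-2' }.merge(overrides)
  bound = { 'name' => 'dyadic', 'label' => 'user-provided', 'tags' => [], 'credentials' => creds }
  JSON.generate({ 'user-provided' => [bound] + extra_services })
end

if $PROGRAM_NAME == __FILE__
  p check_binding(sample_vcap)
  p check_binding(sample_vcap({ 'send_timeout' => '1000' })) # timeout quoted as a string
  p check_binding(sample_vcap({}, [{ 'name' => 'audit-db', 'tags' => ['dyadic-audit'] }]))
end
```

Because matching is by substring, an unrelated service with `dyadic` anywhere in its name, label or tags counts toward the single-service criterion, which is the `:ambiguous` case above.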
For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to Configuration and Extension.
The framework can be configured by modifying the `config/dyadic_security_provider.yml` file in the buildpack. The framework uses the Repository utility support and so it supports the version syntax defined there.
Name | Description |
---|---|
`repository_root` | The URL of the Dyadic Security Provider repository index (details). |
`version` | Version of the Dyadic Security Provider to use. |
The framework can also be configured by overlaying a set of resources on the default distribution. To do this, add files to the `resources/dyadic_security_provider` directory in the buildpack fork.