Security

BlueNimble edited this page Apr 12, 2021 · 35 revisions

Server Security

Root Keys

There is only one set of root keys per node (server), and it is generated when the node starts for the first time. Once you have installed the server, download these keys before securing the Management API.

Using the CLI, type in

http get http://server-ip:8080/sys/mgm/instance/keys >> root && load keys root

This command downloads the root keys and loads them into the CLI. Root keys are required to create and drop spaces and to create ADMIN security keys.

Learn more about Managing Spaces

Configure Plugins for SSL

BlueNimble Server (Api Gateway or Node Runtime) is accessible through network protocols exposed by the installed plugins. By default, there is only the inbound-http plugin providing access to the server through the http protocol.

Edit Http Plugin Descriptor

"ssl": {
    "port": "[ vars.plugins.https.port | '8443' ]",
    "keystore": "[ vars.plugins.https.keystore | '' ]",
    "password": "[ vars.plugins.https.password | '' ]"
}

Set the https port number (defaults to 8443), the keystore file (absolute, or relative to the server install home directory) and the keystore/key password. The http plugin supports most known keystore types such as PKCS12 and JKS.

If you have installed custom plugins from the BlueNimble Marketplace or from the community, make sure to read their documentation and follow their guidelines for securing server communication.

Management API Security

When you install BlueNimble for the first time, either from sources or binaries, the Management API is left unsecured so that you can download the playground keys and eventually the root keys.

The Management API and the install web page are just an API like any other custom API you create for your needs. To secure them, edit the 4 services (endpoints) below and either remove security->enabled or set it to true.

These services are located under [BlueNimble Install Home]/spaces/sys/bluenimble-apis-mgm-X-Y-Z/resources/services.
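A check to run after editing the descriptors, given here as an added example and not BlueNimble's own code: it walks a services directory and reports any descriptor that still disables security. It assumes the descriptors are `.json` files with a top-level `security` object; the sample files, their names and the `vars.mgm.secure` placeholder are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

def classify(spec):
    """Return 'secured', 'unsecured' or 'review' for one parsed descriptor."""
    if not isinstance(spec, dict):
        return "review"
    security = spec.get("security", {})  # assumption: a missing block means defaults apply
    if not isinstance(security, dict):
        return "review"
    if "enabled" not in security:
        return "secured"                 # page: removing security->enabled secures it
    value = str(security["enabled"]).strip().lower()  # true, "true", "True" all match
    # Anything else (e.g. a "[ vars... ]" placeholder) must be resolved by hand.
    return {"true": "secured", "false": "unsecured"}.get(value, "review")

def audit(services_dir):
    """Map each *.json file under services_dir to its classification."""
    root = Path(services_dir)
    report = {}
    for path in sorted(root.rglob("*.json")):
        try:
            spec = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            spec = None                  # unreadable or invalid JSON -> 'review'
        report[path.relative_to(root).as_posix()] = classify(spec)
    return report

def demo():
    """Run the audit over constructed descriptors (not real BlueNimble files)."""
    samples = {
        "keys/Get.json": '{"security": {"enabled": "false"}}',
        "keys/Create.json": '{"security": {"enabled": true}}',
        "spaces/List.json": '{"security": {}}',
        "spaces/Drop.json": '{"security": {"enabled": "[ vars.mgm.secure | \'false\' ]"}}',
        "spaces/Broken.json": '{"security": ',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit(tmp)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:10} {name}")
```

Point `audit()` at the services directory named above and treat every `unsecured` or `review` entry as a finding to fix before exposing the node.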

Space Security

In a BlueNimble node, you can create as many spaces as needed. A space is an environment in which you define the features available to the APIs running in it, such as databases, indexers, storage, ... Developers and DevOps engineers use security keys issued by an admin keys owner to access a space through the CLI or the Management REST API.

There are two types of keys:

  • Administrator Keys
  • Developer and DevOps Keys

Administrator Keys

Keys of this type are attached to only one space and have access to the administrative endpoints. Only an admin keys owner can manage a space and create developer security keys.

To create Administrator keys, make sure the root keys are loaded and selected for use. If you haven't loaded the root keys yet, do so by following the step in Install Root Keys.

Create admin keys in a specific space by issuing the commands below.

  • First, use the root keys

    use keys root

  • Define a json variable (AdminKeys) to hold our keys info such as the role and the expiryDate

    json create AdminKeys { space: playground, role: admin, expiryDate: '2018-12-31' }

  • Create the admin keys

    ctx keys && create keys AdminKeys

Developer and DevOps Keys

Keys of this type are attached to only one space and have access to the developer endpoints.

To create Developer keys, make sure you are using admin keys (only admin keys owners can create developer keys).

Create developer keys in a specific space by issuing the commands below.

  • First, use the admin keys

    use keys AdminKeys

  • Define a json variable (DevKeys) to hold our keys info such as the role and the expiryDate

    json create DevKeys { space: playground, role: developer, expiryDate: '2018-12-31' }

  • Create the developer keys

    ctx keys && create keys DevKeys