I'm working on a couple dozen Watches that each execute a web hook action to call a RESTful service endpoint. This endpoint requires basic auth credentials to be passed that are currently built into the watch for prototyping. For a production deployment these credentials are will rotate on a regular basis. I don't want anyone to have to constantly modify each watch to keep up with rotating credentials, so my question is how can I get all of these watches to read these credentials from a common file and store them in a ctx.var that can be used in the web hook.
unfortunately there is currently no mechanism to support rotation of those passwords, except reindexing the watch (or using a chained input to get the auth from somewhere else, but that sounds not too secure either to be honest).
Alex -- Thank you for the suggestions. Unfortunately the Restful service being called only supports basic auth in its current configuration. Encrypting the sensitive data has been discussed as an option but that doesn't address a security/ops team's request to store credentials in a single location rather than in each watch.
you saw my suggestions with the chained input? You could store the credentials in another index (or another system that can be polled via HTTP), and only update those.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.