Pass Iglu API key to Snowplow Micro in iglu.json

For engineers
1

Hi there,

We’re using Snowplow Micro to test events being sent and all works well. :slight_smile: However, we want to send an API key for the connection to our Iglu Server but keep the key as an environment variable. Our iglu.json looks something like this:

{
  "schema": "iglu:com.snowplowanalytics.iglu/resolver-config/jsonschema/1-0-1",
    "data": {
      "cacheSize": 5000,
      "repositories": [
        {
          "name": "Iglu Central",
          "priority": 0,
          "vendorPrefixes": [ "com.snowplowanalytics" ],
          "connection": {
            "http": {
              "uri": "http://iglucentral.com"
            }
          }
        },
        {
          "name": "***",
          "priority": 5,
          "vendorPrefixes": [ "***" ],
          "connection": {
            "http": {
              "uri": "***",
              "apikey": "DON'T WANT TO COMMIT API KEY"
            }
          }
        }
      ]
    }
}

Adding the API key to iglu.json works but we don’t want to commit that to Git. Is there a way, when passing iglu.json to Snowplow Micro, that we can pass the API key separately? Something like:

docker run \
  --mount type=bind,source=$(pwd)/example,destination=/config \
  -p 9090:9090 \
  snowplow/snowplow-micro:1.2.1 \
  --collector-config /config/micro.conf \
  --iglu /config/iglu.json \
  --PASS API KEY FROM ENV

Hopefully I’ve got all the terminology right. :smiley:

Thanks in advance,
Rob

2

Hi @Robert_Douglas
Welcome to the Snowplow Community!
Cheers,
Eddie

3

Hi @Robert_Douglas, no it is not possible to pass the api key separately from the iglu resolver file.

It makes me quite sad that that’s my answer for you! Especially as many Snowplow configuration files do let you set any parameter using an environment variable at run time, e.g. this example for Iglu Server. Unfortunately this configuration method has not been extended to Iglu resolver files yet.

1 Like
4

Okay, thanks anyway. We’ll work around it. :slight_smile:

1 Like
5

I came here with the same question - can I ask if you managed to get to a solution @Robert_Douglas ? Thanks!

6

Hey @angelsk ! We use SOPS (GitHub - mozilla/sops: Simple and flexible tool for managing secrets) for encrypting secrets for other services so we created an iglu.sops.json file which we commit to Github. The developer then unencrypts the file on their machine and this unencrypted iglu.json file is not committed (it’s listed in the .gitignore of the repo). Hope this helps. :slight_smile:

1 Like
7

It is at least inspirational :slight_smile: Wondering if I could use it as a template and combine with Github secrets - as I want to be able to use this in CI/CD ideally :slight_smile:

Thanks for the reply!

1 Like