Pass Iglu API key to Snowplow Micro in iglu.json

Robert_Douglas · December 20, 2021, 2:34pm

Hi there,

We’re using Snowplow Micro to test events being sent and all works well. However, we want to send an API key for the connection to our Iglu Server but keep the key as an environment variable. Our iglu.json looks something like this:

{
  "schema": "iglu:com.snowplowanalytics.iglu/resolver-config/jsonschema/1-0-1",
    "data": {
      "cacheSize": 5000,
      "repositories": [
        {
          "name": "Iglu Central",
          "priority": 0,
          "vendorPrefixes": [ "com.snowplowanalytics" ],
          "connection": {
            "http": {
              "uri": "http://iglucentral.com"
            }
          }
        },
        {
          "name": "***",
          "priority": 5,
          "vendorPrefixes": [ "***" ],
          "connection": {
            "http": {
              "uri": "***",
              "apikey": "DON'T WANT TO COMMIT API KEY"
            }
          }
        }
      ]
    }
}

Adding the API key to iglu.json works but we don’t want to commit that to Git. Is there a way, when passing iglu.json to Snowplow Micro, that we can pass the API key separately? Something like:

docker run \
  --mount type=bind,source=$(pwd)/example,destination=/config \
  -p 9090:9090 \
  snowplow/snowplow-micro:1.2.1 \
  --collector-config /config/micro.conf \
  --iglu /config/iglu.json \
  --PASS API KEY FROM ENV

Hopefully I’ve got all the terminology right.

Thanks in advance,
Rob

EddieM · December 20, 2021, 2:54pm

Hi @Robert_Douglas
Welcome to the Snowplow Community!
Cheers,
Eddie

istreeter · December 20, 2021, 10:30pm

Hi @Robert_Douglas, no it is not possible to pass the api key separately from the iglu resolver file.

It makes me quite sad that that’s my answer for you! Especially as many Snowplow configuration files do let you set any parameter using an environment variable at run time, e.g. this example for Iglu Server. Unfortunately this configuration method has not been extended to Iglu resolver files yet.

Robert_Douglas · December 21, 2021, 8:17am

Okay, thanks anyway. We’ll work around it.

angelsk · February 15, 2022, 11:46am

I came here with the same question - can I ask if you managed to get to a solution @Robert_Douglas ? Thanks!

Robert_Douglas · February 16, 2022, 9:51am

Hey @angelsk ! We use SOPS (GitHub - mozilla/sops: Simple and flexible tool for managing secrets) for encrypting secrets for other services so we created an iglu.sops.json file which we commit to Github. The developer then unencrypts the file on their machine and this unencrypted iglu.json file is not committed (it’s listed in the .gitignore of the repo). Hope this helps.

angelsk · February 16, 2022, 10:19am

It is at least inspirational Wondering if I could use it as a template and combine with Github secrets - as I want to be able to use this in CI/CD ideally

Thanks for the reply!

Topic		Replies	Views
Connection refused error when trying to add apikey for local IGLU server on Snowplow mini	4	1903	April 8, 2019
Having struggle while generating read/write API keys for a vendor Collectors	3	1164	March 2, 2020
Do I need to provide stream enrich with read credentials on Iglu server? For engineers	5	1149	February 12, 2019
Snowplow-micro help For engineers	2	627	May 6, 2020
Problem mocking my own Iglu schema registry Iglu	3	2118	February 21, 2018

Pass Iglu API key to Snowplow Micro in iglu.json

Related topics