You do not have to hard-code values for policy configuration keys in an options file in the Policy Administration GUI configuration. You can specify values for policy configuration keys at runtime using environment variables.
To use environment variables, specify a policy configuration key value in the options
file using the ${variableName}
notation, and then define the
environment variable before starting the Policy Administration GUI.
Example: Set policy information provider host name using an environment variable
This example takes the scenario in Example: Configure policy configuration keys and modifies it to specify the Consent API host name at runtime using an environment variable.
To specify the host name using an environment variable:
- Make a copy of the default options
file.
$ cp config/options.yml my-options.yml
- Edit the new options file and define a policy configuration key in the core
section called
ConsentHostname
. Instead of hard-coding its value, specify a variable calledCONSENT_HOSTNAME
.core: ConsentHostname: ${CONSENT_HOSTNAME} # Other options omitted for brevity...
- Stop the GUI server.
$ bin/stop-server
- Run setup using the
--optionsFile
argument. Customize all other options as appropriate for your needs.$ bin/setup demo \ --adminUsername admin \ --generateSelfSignedCertificate \ --decisionPointSharedSecret datagovernance \ --hostname <pap-hostname> \ --port <pap-port> \ --adminPort <admin-port> \ --licenseKeyFile <path-to-license> \ --optionsFile my-options.yml
- Set the value of the CONSENT_HOSTNAME environment variable
and then start the
server.
$ export CONSENT_HOSTNAME=consent-us-east.example.com; bin/start-server
After you define the Consent API service in the Trust Framework, you can refer to the policy configuration key that you defined in the Policy Administration GUI configuration (ConsentHostName), which will use the environment variable that you also defined. You must first create an attribute in the Trust Framework to hold the policy configuration key value. To do so, add an attribute with the following settings.
Property | Value |
---|---|
Name | ConsentHostname |
Resolver Type | Configuration Key |
Resolver Value | ConsentHostname |
The following image shows the attribute in the Policy Administration GUI.
When you create a service in the Trust Framework, you can refer to this
attribute using the {{AttributeName}}
notation. For example, where
the URL https://consent-us-east.example.com/consent/v1/consents would otherwise be
used, use the URL https://{{ConsentHostname}}/consent/v1/consents. The following
image shows service settings using the {{AttributeName}}
notation.
$ bin/stop-server
$ export CONSENT_HOSTNAME=consent-us-west.example.com; bin/start-server
Example: Set trust store details using an environment variable
This example takes the scenario in Example: Configure a trust store for a policy information provider and modifies it to specify the trust store password at runtime using an environment variable.
Given a Java KeyStore (JKS) trust store named my-ca-truststore.jks with the password password123 and a trusted root certificate with the alias my-ca, create an options file with details about the trust store. Instead of hard-coding the trust store password, specify it as an environment variable.
- Make a copy of the default options
file.
$ cp config/options.yml my-options.yml
- To edit the new options file and define the key store details, add an item in the
truststores
section. Specify the password value using the${ENVIRONMENT_VARIABLE}
notation. Also, assign the password to a policy configuration key so it can be used in the Trust Framework.core: TrustStorePassword: ${TRUST_STORE_PASSWORD} truststores: - name: MyCATrustStore resource: /path/to/my-ca-truststore.jks # TRUST_STORE_PASSWORD is an environment variable password: ${TRUST_STORE_PASSWORD} # Other options omitted for brevity...
- Stop the Policy Administration
GUI.
$ bin/stop-server
- Run setup using the
--optionsFile
argument. Customize all other options as appropriate for your needs.$ bin/setup demo \ --adminUsername admin \ --generateSelfSignedCertificate \ --decisionPointSharedSecret datagovernance \ --hostname <pap-hostname> \ --port <pap-port> \ --adminPort <admin-port> \ --licenseKeyFile <path-to-license> \ --optionsFile my-options.yml
- Set the value of the TRUST_STORE_PASSWORD environment
variable and start the
server.
$ export TRUST_STORE_PASSWORD=password123; bin/start-server
The policy configuration key that you defined can be used in the Trust Framework. You must first create an attribute to hold the policy configuration key value. Add an attribute with the following settings.
Property | Value |
---|---|
Name | TrustStorePassword |
Resolver Type | Configuration Key |
Resolver Value | TrustStorePassword |
The following image shows the attribute in the Policy Administration GUI.
After you define the policy information provider in the Trust Framework, you can refer to the trust store password using the TrustStorePassword attribute.
$ bin/stop-server
$ export TRUST_STORE_PASSWORD=new-password; bin/start-server