Skip to main content
Skip table of contents

Bootstrapping API keys for Docker

Delphix has announced the depreciation of support for Docker Compose with DCT version 13.0.0. The January 2024 release starts a 12-month depreciation period for all supported versions on Docker Compose. All prior and current product versions will continue to be supported on Docker Compose until January 2025. However, production DCT workloads in Docker Compose are not supported. 

It is highly recommended that new DCT installations are performed on Kubernetes or OpenShift

API keys are the default method to authenticate with DCT. This is done by including the key in the HTTP Authorization request header with type apk.

API keys are long-live tokens and as a result, do not automatically expire in the future. They remain valid until they are deleted or destroyed from DCT.

A cURL example using an example key of 1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3 would appear as:

NONE
curl --header 'Authorization: apk 1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3'

cURL (like web browsers and other HTTP clients) will not connect to DCT over HTTPS unless a valid TLS certificate has been configured for the Nginx server. If this configuration step has not been performed yet and the risk is comprehended, you may disable the check in the HTTP client. For instance, this can done with cURL using the --insecure flag.

The cURL version must be 7.43 or higher.

Bootstrap first API key

There is a special process to bootstrap the creation of the first API key. This first API key should only be used to create another key and then promptly deleted, since the bootstrap API will appear in the logs. This process can be repeated as many times as needed, for example, in a case where existing API keys are lost or have been deleted. It also means that the Linux users with permissions to edit the docker-compose file implicitly have the ability to get an API key at any time. There is no mechanism to lock this down after the first bootstrap key is created.

Begin by stopping the application with the following command:

NONE
sudo docker-compose stop

Once the application is stopped, edit the docker-compose.yaml file and modify the following lines to the DCT section, to set the API_KEY_CREATE to the string value "true":

NONE
services:
  gateway:
    environment:
      API_KEY_CREATE: "true"

Start DCT again with sudo docker-compose up. You will see the following output in the logs for the app container (the key will be different from this example):

NONE
NEWLY GENERATED API KEY: 1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3

Copy the API Key and shut down the DCT app. The API key can now be used to authenticate with DCT. Remember that the API Key value must be prefixed with apk. An example cURL command with the above API Key appears as follows:

NONE
curl --header 'Authorization: apk 1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3'

Edit the docker-compose.yaml file to set the API_KEY_CREATE environment variable value back to "false" and restart DCT again with sudo docker-compose up -d.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.