Bootstrapping API Keys
Docker Compose should only be used to deploy DCT in an evaluation/testing capacity.
There is a special process to bootstrap the creation of the first API key. This first API key should only be used to create another key and then promptly deleted, since the bootstrap API will appear in the logs. This process can be repeated as many times as needed, for example, in a case where existing API keys are lost or have been deleted. It also means that the Linux users with permissions to edit the docker-compose file implicitly have the ability to get an API key at any time. There is no mechanism to lock this down after the first bootstrap key is created.
Begin by stopping the application with the following command:
sudo docker-compose stop
Once the application is stopped, edit the docker-compose.yaml file and modify the following lines to the DCT section, to set the API_KEY_CREATE
to the string value "true":
services:
gateway:
environment:
API_KEY_CREATE: "true"
Start DCT again with sudo docker-compose up
. You will see the following output in the logs for the app container (the key will be different from this example):
NEWLY GENERATED API KEY: 1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3
Copy the API Key and shut down the DCT app. The API key can now be used to authenticate with DCT. Remember that the API Key value must be prefixed with apk. An example cURL command with the above API Key appears as follows:
curl --header 'Authorization: apk 1.0p9PMkZO4Hgy0ezwjhX0Fi4lEKrD4pflejgqjd0pfKtywlSWR9G0fIaWajuKcBT3'
Edit the docker-compose.yaml file to set the API_KEY_CREATE
environment variable value back to "false" and restart DCT again with sudo docker-compose up -d
.