Introduction
How are API Key Credentials used? Ubiq uses credentials that provide two specific tasks for the Ubiq Client Libraries:
- Provide authentication and authorization of the Ubiq Client Library to work with the Application Master Keys stored in the Ubiq Cloud
- Create a secure private tunnel connection between the Ubiq Client Library and the Ubiq Cloud Key Storage to ensure integrity and prevent eavesdropping
Therefore, API Key Credentials need to be supplied to the Ubiq Client Libraries. There are four ways in which to supply these credentials:
- Explicitly set the credentials
- Using environment variables
- Loading from a specific credentials file
- Loading from the default credentials file
Instructions for Supplying API Key Credentials to Ubiq Client Libraries
1. Explicitly Set the Credentials
To explicitly set the credential parameters, pass the values in when initializing the Credentials objects.
Example:
credentials = ubiq.credentials(access_key_id = "...", secret_signing_key = "...", secret_crypto_access_key = "...")
credentials = Credentials(access_key_id = "...", secret_signing_key = "...", secret_crypto_access_key = "...")
const credentials = new Credentials('<access_key_id>', '<secret_signing_key>', '<secret_crypto_access_key>')
struct ubiq_platform_credentials * credentials;
ubiq_platform_credentials_create_explicit(
"..." /* access key id */,
"..." /* secret signing key */,
"..." /* secret crypto access key */,
"..." /* Ubiq API server, may be NULL */,
&credentials);
ubiq::platform::credentials credentials(
"..." /* access key id */,
"..." /* secret signing key */,
"..." /* secret crypto access key */,
"..." /* Ubiq API server, may be unspecified */);
var credentials = UbiqFactory.CreateCredentials(accessKeyId: "...", secretSigningKey: "...", secretCryptoAccessKey: "...");
UbiqCredentials credentials = UbiqFactory.createCredentials("<yourAccessKey>", "<yourSigningKey>", "<yourCryptoKey>", null);
credentials, err := ubiq.NewCredentials(
"..." /* access key id */,
"..." /* secret signing key */,
"..." /* secret crypto access key */,
"..." /* Ubiq API server, may omit this parameter */)
$credentials = new Ubiq\Credentials();
$credentials->set(
'...' /* access key id */,
'...' /* secret signing key */,
'...' /* secret crypto access key */,
'...' /* Ubiq API server, may omit this parameter */
);
2. Using Environment Variables
The library can look for environment variables for the necessary credentials. The following environment variable values are used to pass the credential information to the client library.
UBIQ_ACCESS_KEY_ID
UBIQ_SECRET_SIGNING_KEY
UBIQ_SECRET_CRYPTO_ACCESS_KEY
Example:
credentials = ubiq.credentials()
credentials = Credentials()
const credentials = new ubiq.Credentials()
struct ubiq_platform_credentials * credentials;
ubiq_platform_credentials_create(&credentials);
ubiq::platform::credentials credentials;
var credentials = UbiqFactory.CreateCredentials()
UbiqCredentials credentials = UbiqFactory.createCredentials(null, null, null, null);
credentials, err := ubiq.NewCredentials()
$credentials = new Ubiq\Credentials();
If both environment variables and explicit values are passed in, the explicit values will have priority.
Credentials File Format
The credentials file can support many sets of different credentials. This is accomplished by supporting
different profile sections within the credentials file.
[default]
ACCESS_KEY_ID = .somevalues..
SECRET_SIGNING_KEY = .somevalues..
SECRET_CRYPTO_ACCESS_KEY =.somevalues..
[profile1]
ACCESS_KEY_ID = .somevalues..
SECRET_SIGNING_KEY = .somevalues..
SECRET_CRYPTO_ACCESS_KEY =.somevalues..
[profile2]
ACCESS_KEY_ID = .somevalues..
SECRET_SIGNING_KEY = .somevalues..
SECRET_CRYPTO_ACCESS_KEY =.somevalues..
3. Read Credentials from a Specific File
The following example demonstrates how to load Credentials from a user supplied Credentials file. If the profile parameter is supplied, then data in that profile will be used if it is found, otherwise, the library uses the values in default profile if they exist.
Example:
credentials = ubiq.configCredentials(config_file = "some-credential-file", profile = "some-profile")
credentials = ConfigCredentials.new( "some-credential-file", "some-profile").get_attributes
const credentials = new ubiq.ConfigCredentials(credentials_file, profile)
struct ubiq_platform_credentials * credentials;
ubiq_platform_credentials_create_specific(
"/path/to/credentials", "profile-name", &credentials);
ubiq::platform::credentials credentials(
"/path/to/credentials", "profile-name");
var credentials = UbiqFactory.ReadCredentialsFromFile("some-credential-file", "some-profile");
UbiqCredentials credentials = UbiqFactory.readCredentialsFromFile("some-credential-file", "some-profile");
credentials, err := ubiq.NewCredentials(
"/path/to/credentials", "profile-name")
$credentials = new Ubiq\Credentials();
$credentials->load(
'/path/to/credentials', 'profile-name'
);
4. Read Credentials from Default (~/.ubiq/credentials) File
If the config_file parameter is not supplied, then the Client Library will look in the ~/.ubiq directory for the credentials file. If the profile parameter isn't supplied, then the library will assume default.
Example:
credentials = ubiq.configCredentials()
credentials = ConfigCredentials.new().get_attributes
const credentials = new ubiq.ConfigCredentials()
struct ubiq_platform_credentials * credentials;
ubiq_platform_credentials_create(&credentials);
ubiq::platform::credentials credentials;
var credentials = UbiqFactory.ReadCredentialsFromFile(string.Empty, null);
UbiqCredentials credentials = UbiqFactory.readCredentialsFromFile("", "default");
credentials, err := ubiq.NewCredentials()
$credentials = new Ubiq\Credentials();
Updated 5 months ago