Thursday, June 1, 2017

How to Manage Bluemix Service Keys via CLI

You probably know that CLI stands for Command Line Interface. And you are aware that IBM Bluemix and Cloud Foundry offer a CLIs. Did you know that you can manage service keys from the command line? Adding new credentials, obtaining keys, and deleting service entries is really simple and fast. In the following, I will show you the commands and use my chatbot project and the IBM Watson Conversation service on Bluemix as example. And I will be using Bluemix in Frankfurt, Germany. So brace yourself for a quick tour through managing service keys from the command line.
manage Bluemix service keys from the command line
Sample Session Managing Keys

Overview

With IBM Bluemix Cloud Foundry you have the choice of using either the Cloud Foundry CLI (“cf”) or the Bluemix CLI (“bluemix” or “bx”). The “bx” command has an option for the “cf” commands. Both CLIs can be downloaded from the same page in the Bluemix documentation. The CLIs have many options to manage apps, services, organizations, spaces, and much more. Both can also be extended through plugins. You can even write and integrate your own plugins. I would recommend using the Bluemix CLI because it offers more features, including a handy option to update itself. For the example I am going to use the Cloud Foundry CLI to demonstrate the general case.
Bluemix offers many services, big and small, in its catalog. Most of those service can be used by more than just a single user, a single app, and not just from within Bluemix. Therefore, creating several credentials for a service, so-called service keys, is essential to consuming a service. The keys can be managed from the browser-based Bluemix console or on the command line via CLI.

Manage Service Keys

Using the Cloud Foundry or Bluemix CLI, the first step is to login. As shown in my example, I am using the API endpoint for Bluemix Public in Frankfurt, Germany:
>> cf login -a api.eu-de.bluemix.net
I am prompted for my email address as username and the password. Depending on my account usage I might also need to select the organization and space I want to work with. As next step, I am looking for the instance of my IBM Watson Conversation service. This is used for my chatbots and I would like to create new credentials for some tests. The “services” command returns all services, on Unix systems “grep” helps to filter the result:
>> cf services | grep -i conversation Conversation-er conversation free hlred create succeeded
The name “Conversation-er” is the name of my Conversation service instance. Now I want to list the existing service keys. It can be done with the “service-keys” or “sk” command:
>> cf service-keys Conversation-er Getting keys for service instance Conversation-er as hloeser@de.ibm.com…
name Credentials-1
Only one service key labeled “Credentials-l” is present. To add new credentials I can use the “create-service-key” or “csk” parameter:
>> cf csk Conversation-er Conv-DE-user2 Creating service key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com… OK
I chose the name “Conv-DE-user2” for the service key. Let’s see if it was added.
>> cf service-keys Conversation-er Getting keys for service instance Conversation-er as hloeser@de.ibm.com…
name Credentials-1 Conv-DE-user2
To take a look at the actual credentials, the “service-key” is the right option. It fetches the username, password and everything else making up the credentials. For IBM Watson services the gateway URL is part of it:
>> cf service-key Conversation-er Conv-DE-user2 Getting key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com…
{  “password”: “BFyyHxxxGnO”,  “url”: “https://gateway-fra.watsonplatform.net/conversation/api”,  “username”: “ffffffff-458f-4111-9dd4-03xx610xxbxx” }
Existing service keys can be deleted with the “delete-service-key” or “dsk” command. Recreating keys is one way of implementing rotating passwords (credentials).
>> cf dsk Conversation-er Conv-DE-user2
Really delete the service key Conv-DE-user2?> yes Deleting key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com… OK

Summary

As shown above, it is pretty simple to manage service keys from the command line.Both the Bluemix and Cloud Foundry CLIs can be used. But not only the credentials can be administrated from the command line. Create services, bind them to apps, request billing and usage information, and more. And, as mentioned above, you can even extend the functionality through plugins and create your own.

Note that this blog entry was first published at https://www.ibm.com/blogs/bluemix/2017/06/manage-bluemix-service-keys-via-cli/