 |
| Sample Session Managing Keys |
Overview
With IBM Bluemix Cloud Foundry you have the choice of using either the Cloud Foundry CLI (“cf”) or the Bluemix CLI (“bluemix” or “bx”). The “bx” command has an option for the “cf” commands. Both CLIs can be downloaded from the same page in the Bluemix documentation. The CLIs have many options to manage apps, services, organizations, spaces, and much more. Both can also be extended through plugins. You can even write and integrate your own plugins. I would recommend using the Bluemix CLI because it offers more features, including a handy option to update itself. For the example I am going to use the Cloud Foundry CLI to demonstrate the general case.Bluemix offers many services, big and small, in its catalog. Most of those service can be used by more than just a single user, a single app, and not just from within Bluemix. Therefore, creating several credentials for a service, so-called service keys, is essential to consuming a service. The keys can be managed from the browser-based Bluemix console or on the command line via CLI.
Manage Service Keys
Using the Cloud Foundry or Bluemix CLI, the first step is to login. As shown in my example, I am using the API endpoint for Bluemix Public in Frankfurt, Germany:>> cf login -a api.eu-de.bluemix.netI am prompted for my email address as username and the password. Depending on my account usage I might also need to select the organization and space I want to work with. As next step, I am looking for the instance of my IBM Watson Conversation service. This is used for my chatbots and I would like to create new credentials for some tests. The “services” command returns all services, on Unix systems “grep” helps to filter the result:
>> cf services | grep -i conversation Conversation-er conversation free hlred create succeededThe name “Conversation-er” is the name of my Conversation service instance. Now I want to list the existing service keys. It can be done with the “service-keys” or “sk” command:
>> cf service-keys Conversation-er Getting keys for service instance Conversation-er as hloeser@de.ibm.com…Only one service key labeled “Credentials-l” is present. To add new credentials I can use the “create-service-key” or “csk” parameter:
name Credentials-1
>> cf csk Conversation-er Conv-DE-user2 Creating service key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com… OKI chose the name “Conv-DE-user2” for the service key. Let’s see if it was added.
>> cf service-keys Conversation-er Getting keys for service instance Conversation-er as hloeser@de.ibm.com…To take a look at the actual credentials, the “service-key” is the right option. It fetches the username, password and everything else making up the credentials. For IBM Watson services the gateway URL is part of it:
name Credentials-1 Conv-DE-user2
>> cf service-key Conversation-er Conv-DE-user2 Getting key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com…Existing service keys can be deleted with the “delete-service-key” or “dsk” command. Recreating keys is one way of implementing rotating passwords (credentials).
{ “password”: “BFyyHxxxGnO”, “url”: “https://gateway-fra.watsonplatform.net/conversation/api”, “username”: “ffffffff-458f-4111-9dd4-03xx610xxbxx” }
>> cf dsk Conversation-er Conv-DE-user2
Really delete the service key Conv-DE-user2?> yes Deleting key Conv-DE-user2 for service instance Conversation-er as hloeser@de.ibm.com… OK
Summary
As shown above, it is pretty simple to manage service keys from the command line.Both the Bluemix and Cloud Foundry CLIs can be used. But not only the credentials can be administrated from the command line. Create services, bind them to apps, request billing and usage information, and more. And, as mentioned above, you can even extend the functionality through plugins and create your own.Note that this blog entry was first published at https://www.ibm.com/blogs/bluemix/2017/06/manage-bluemix-service-keys-via-cli/