Hide parameters from source code for Bluemix application

When I see some sample source codes available in IBM DevOps Services, some instruct me to obtain secret keys such as Twitter or Facebook. And instruction continues to embed them into source code. Well, this is fine just to run the sample. But I concerned about embedding secret keys in the source code in the real situation.

One of the best practices of developing cloud application is to follow 12-factor apps guidance. One of the guidance is to use environmental variable as parameters to the application (III. Config – Store config in the environment). Provinding key parameters as environmental variables should be encouraged in the real situation. For example, we can set key like:

cf set-env <app> <key> <value>

This is per application base. I wonder if I can provide these key value set as user service so that I can re-use parameters in my ORG/space wide. I have tried Cloud Foundry user provided service feature.  The sample I have tried was to create service to provide Twitter API keys using “cf cups” command.

$ cf cups twitter-keys -p "consumer_key, consumer_secret, access_token_key, access_token_secret"
Creating user provided service twitter-keys in org

Now I see this as my service.

>cf services
Getting services in org
twitter-keys                  user-provided

Then I can bind this service to my application, I also see the service can be bind from Bluemix UI.

2014-08-13 15_34_57-twitter-key-service

I need to change the source code to read the value from the service. Here is a sample for Node.js application.

var keys = env['user-provided'][0].credentials;

var tweeter = new twitter({
    consumer_key: keys.consumer_key,
    consumer_secret: keys.consumer_secret,
    access_token_key: keys.access_token_key,
    access_token_secret: keys.access_token_secret

The parameter is provided by ‘user-provided’ environmental variable and it contains the values which  I have specified via “cf cups” command. Then, these value were passed to authenticate Twitter API.

I think this technique can be used in many situation. For example when several developers share the same org/space on Bluemix, but deploy application using different name and route. Just binding user provided service should provide a way to share the common environmental variables for the application under development. I see this is quite useful, since there is need to setup environmental variable for the application after the deployment of new application (with different name / route).

This entry was posted in Bluemix. Bookmark the permalink.

2 Responses to Hide parameters from source code for Bluemix application

  1. Pingback: Getting started with BlueMix | rsjazz

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s