Accessing secured Resources
🗓️ Last updated on June 13, 2024 | 3 | Improve this pageOverview
Quickly after your initial experience with Microcks, you’ll realize that it needs to access some of your private resources for smooth integration in your lifecycle. Typically:
- Loading Artifacts may require accessing secured external resources such as Git repositories,
- Launching tests may require accessing protected HTTPS endpoints or internal message brokers.
This guide will explain the concept of Secret in Microcks, how to manage those Secrets and how to use them when defining an Importer Job.
🚨 Prerequisites
Secrets can only be managed by Microcks
admin
, we mean people with theadmin
role assigned. If you need further information on how to manage users and roles, please check the how-to Manage Users.
1. Authentication Secrets
Authentication Secrets (or simply Secrets) are managed by a Microcks administrator and hold credentials for accessing remote resources such as Git repositories, remote API endpoints or event brokers.
Credential information wrapped within a Secret can be of several natures, such as a User/Password pair, a Token or some X509 certificates.
Secrets are stored within the Microcks database and may be reused by regular users when creating an Importer Job or launching a new test. At that time, regular users refer to the Secret name only and don’t get access to the detailed information.
Secrets management is simply a thumbnail of the Administration page, which is available from the vertical menu on the left once you are logged in as an administrator.

Let’s see how to create/update a secret and its properties below.
2. Edit Secret properties
Let’s imagine you want to create a secret that will hold information on how to access your corporate GitLab instance. Here’s the form you’ll have to fill out below. It may imply authentication method and properties, as well as transport encryption information such as the custom certificate to use.

Authentication may be realized using different methods described below.
Authentication Type | Description |
---|---|
None | No authentication is actually realized. In this case, the secret may only be useful to hold a custom certificate to access a private resource. |
Basic Authentication | An HTTP Basic authentication is attempted when connecting to a remote resource. When selecting this method, the form will just ask for a User and a Password . |
Token Authentication | An HTTP Bearer or custom authentication is attempted with the provided Token . If no Token-Header is specified, the standard Authentication: Bearer <provided token> is attempted. If a Token-Header is specified, the token is added as the value of this specific header. |
The CA Certificate
is just here to gather a custom certificate or certificate chain specified in PEM format.
Using the form, you may create as many Secrets as you need for different resources. Regular users of the Microcks instance will just have access to the secrets’ names and descriptions.
3. Adding a Secret to an Import Job
Now that you have created and managed your secrets, they can be reused when defining an Import Job. To do that, just update a job: the second step of the wizard modal is dedicated to security concerns. You may now add a reference to (thus a usage of) one of your secrets.

When Microcks schedules and executes this job to check the update of the artifact resource, it will simply use the referenced secret. Now your job is identified as using a secret with a black lock 🔒 on the UI:
Each time the scheduled import job is fired, it reuses the up-to-date secret information to provide the correct token and certificates to the external resource.
Wrap-up
Following this guide, you have learned how Authentication Secrets allows you to hold credentials information for accessing secured remote resources used by Microcks importers or tests. You should now be confident in the way Microcks accesses these protected resources, letting regular users just reference the Secret name.

Still Didn’t Find Your Answer?
Join our community and get the help you need. Engage with other members, ask questions, and share knowledge to resolve your queries and expand your understanding.
Join the community