Hi community,
We are running multiple tenants (application per tenant) in Azure with a file storage in an Azure Blob container. We have enabled the ‘Encryption used’ option.
We are facing a problem that the client secret expires every 6 months and has to be reset using the ‘Set file storage key values (encrypted)’ (see the attached image)
Any idea how we can update the encrypted client secret using the Indicium API of IAM? We are trying to automate the maintenance ;-)
Best answer by Mark Jongeling
Hi André,
Certainly! The table is a little different on the IAM side so also the call has to be modified for that.
POST METHOD
/iam/iam/gui_appl_file_storage(model_id='YOUR MODEL HERE',branch_id='YOUR BRANCH HERE',gui_appl_id='YOUR GUI APPLICATION ID HERE',file_storage_id='YOUR FILE STORAGE LOCATION ID HERE')/task_encrypt_file_storage_key
{
"azure_client_secret": "YOUR CLIENT SECRET HERE"
}Example:
Once you received a 200 OK back, the secret has been set successfully.
Good day
The same task that you use to update your client secret manually can be called via the API, for ease of reference I will provide an example of what that could look like:
POST
/iam/sf/file_storage_configuration_overview(model_id='YOUR MODEL HERE',branch_id='YOUR BRANCH HERE',runtime_configuration_id='YOUR RUNTIME CONFIG HERE',file_storage_id='YOUR FILE STORAGE LOCATION ID HERE')/task_encrypt_file_storage_key
{
"azure_client_secret": "YOUR CLIENT SECRET HERE"
}
We have to investigate if the suggested solution works. However, in de proposed solution a call is made to the SF-application. Is this call also available in for the IAM-application?
+23Hi André,
Certainly! The table is a little different on the IAM side so also the call has to be modified for that.
POST METHOD
/iam/iam/gui_appl_file_storage(model_id='YOUR MODEL HERE',branch_id='YOUR BRANCH HERE',gui_appl_id='YOUR GUI APPLICATION ID HERE',file_storage_id='YOUR FILE STORAGE LOCATION ID HERE')/task_encrypt_file_storage_key
{
"azure_client_secret": "YOUR CLIENT SECRET HERE"
}Example:
Once you received a 200 OK back, the secret has been set successfully.
Hi
Thanks for the fast reply and example, that works. We get an 200 Ok and the document storage location is available.
Can you confirm that a logout/login or refresh model is required to apply the settings?
+23Awesome!, the new secret will trigger Indicium to reload the model automatically. A user does not need to logout or refresh the model to my knowledge. It may take a minute for Indicium to reload the model after setting the secret.
If you need the new secret immediately, Indicium can be restarted to force it to reload models.
Perfect!, i think i just was to quick to check the results. After a little i got the ‘Update now’ message and everything worked as expected.
This solves my problem. Thx again.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.