[Apiman-user] Production deployment questions

Eric Wittmann eric.wittmann at redhat.com
Mon Dec 7 20:35:20 EST 2015


Hi Paul - answers inline below.

> 1. Is "password" supposed to be replaced by some credential? This isn't
> mentioned in the instructions; my guess is that this credential is used
> only for applications that request REST Direct Access Grants, and that
> apiman doesn't. Is that correct?

Embarrassingly I'm not 100% sure what that setting is all about.  Here 
is the documentation from keycloak:

----
credentials
Specify the credentials of the application. This is an object notation 
where the key is the credential type and the value is the value of the 
credential type. Currently only 'password' is supported. This is REQUIRED.
----

It would be a good question to ask on the keycloak mailing list.

@msavy - any idea?

> 2. If I'm configuring the gateway as a separate service, can I remove
> the apimanui.war secure-deployment entry? Correspondingly, when I
> configure the standalone API manager, do I remove the
> apiman-gateway-api.war entry?

Yep!  It's not *required* to remove them, but you can certainly remove 
them without ill effect.

> 3. Is it possible to set properties that appear in apiman.properties by
> way of Java system properties or in a <system-properties> configuration
> in the standalone-apiman.xml file?

Yes it is!  :)  Either of those approaches should work.  You can also 
use environment variables and eap/wildfly vaulted values if you like. 
It's also possible to encrypt values (using our AesEncrypter class) and 
put the encrypted value in the config.  Not really secure but it's 
better than having a password in clear text.

-Eric




More information about the Apiman-user mailing list