Layer7 API Management

Hi Team.

I am unable to decrypt secrets and keys with the given advice at the end of graphman-client readme : 
graphman-client/README.md at main · Layer7-Community/graphman-client

GitHub		remove preview
graphman-client/README.md at main · Layer7-Community/graphman-client This repository contains a Postman collection, a Node.js CLI application, sample queries for the CLI, and GraphQL schemas for the Graphman API. - graphman-client/README.md at main · Layer7-Community/graphman-client View this on GitHub >

the export looks like:
{
  "secrets": [
    {
      "goid": "9ec005dd334796b936987ecf50932c4d",
      "name": "mikel",
      "checksum": "1121b4c3cee21859749fba3450bf0257621eb11a",
      "description": "",
      "secret": "JEw3RXYwMiSK5eLTkmpxyObHRTfmwlqpjQcwOip5MlMu7v4YPSUSaA==",
      "secretType": "PASSWORD",
      "variableReferencable": true
    }
  ],
  "properties": {
    "defaultAction": "NEW_OR_UPDATE"
  }
}

e.g. decrypting the secret using the following command fails with the error shown

Of course, I have used the same passphrase for the export.
Same error occurs for the encrypted key.p12 property.
Am I doing someting wrong ?

Thanks

...Michael

@Michael Mueller There's a little deviation in supporting the statement specified as part of documentation.

Graphman supports importing the secrets that are encrypted using openssl way. But, it was not the same case while exporting them. As of now, graphman exports secrets that cannot be decrypted using openssl. We did change this behaviour different from experimental build. 

Would you still want to export the secrets in openssl decrypt friendly? 

Original Message:
Sent: Jan 27, 2024 06:43 AM
From: Michael Mueller
Subject: decrypt graphman-client exported keys or secrets

Hi Team.

I am unable to decrypt secrets and keys with the given advice at the end of graphman-client readme : 
graphman-client/README.md at main · Layer7-Community/graphman-client

GitHub		remove preview
graphman-client/README.md at main · Layer7-Community/graphman-client This repository contains a Postman collection, a Node.js CLI application, sample queries for the CLI, and GraphQL schemas for the Graphman API. - graphman-client/README.md at main · Layer7-Community/graphman-client View this on GitHub >

the export looks like:
{
  "secrets": [
    {
      "goid": "9ec005dd334796b936987ecf50932c4d",
      "name": "mikel",
      "checksum": "1121b4c3cee21859749fba3450bf0257621eb11a",
      "description": "",
      "secret": "JEw3RXYwMiSK5eLTkmpxyObHRTfmwlqpjQcwOip5MlMu7v4YPSUSaA==",
      "secretType": "PASSWORD",
      "variableReferencable": true
    }
  ],
  "properties": {
    "defaultAction": "NEW_OR_UPDATE"
  }
}

e.g. decrypting the secret using the following command fails with the error shown

Of course, I have used the same passphrase for the export.
Same error occurs for the encrypted key.p12 property.
Am I doing someting wrong ?

Thanks

...Michael

Hi @Raju Gurram.

Thanks.

I am coming from the understanding, that a secret is just another resource entity in a gateway, as any other.

Hence, and due to my understanding that a repository is the single source of truth for a gateway, I am looking for the ability to maintain/change a secret in a repository, rather than directly in a gateway through Policy Manager.

Hence, from a repository point of view, this could be understood as a rogue change, as this change of a resource ( the secret ) is not known by the repository , and might get overwritten by the repository content, if not taken care of this change differently.

Original Message:
Sent: Jan 29, 2024 06:42 AM
From: Raju Gurram
Subject: decrypt graphman-client exported keys or secrets

@Michael Mueller There's a little deviation in supporting the statement specified as part of documentation.

Graphman supports importing the secrets that are encrypted using openssl way. But, it was not the same case while exporting them. As of now, graphman exports secrets that cannot be decrypted using openssl. We did change this behaviour different from experimental build. 

Would you still want to export the secrets in openssl decrypt friendly? 

Original Message:
Sent: Jan 27, 2024 06:43 AM
From: Michael Mueller
Subject: decrypt graphman-client exported keys or secrets

Hi Team.

I am unable to decrypt secrets and keys with the given advice at the end of graphman-client readme : 
graphman-client/README.md at main · Layer7-Community/graphman-client

GitHub		remove preview
graphman-client/README.md at main · Layer7-Community/graphman-client This repository contains a Postman collection, a Node.js CLI application, sample queries for the CLI, and GraphQL schemas for the Graphman API. - graphman-client/README.md at main · Layer7-Community/graphman-client View this on GitHub >

the export looks like:
{
  "secrets": [
    {
      "goid": "9ec005dd334796b936987ecf50932c4d",
      "name": "mikel",
      "checksum": "1121b4c3cee21859749fba3450bf0257621eb11a",
      "description": "",
      "secret": "JEw3RXYwMiSK5eLTkmpxyObHRTfmwlqpjQcwOip5MlMu7v4YPSUSaA==",
      "secretType": "PASSWORD",
      "variableReferencable": true
    }
  ],
  "properties": {
    "defaultAction": "NEW_OR_UPDATE"
  }
}

e.g. decrypting the secret using the following command fails with the error shown

Of course, I have used the same passphrase for the export.
Same error occurs for the encrypted key.p12 property.
Am I doing someting wrong ?

Thanks

...Michael

Thank you for your feedback. Most likely, we will reconsider this (i.e., ability to export secrets in openssl decrypt friendly).

Hi @Raju Gurram.

Thanks.

I am coming from the understanding, that a secret is just another resource entity in a gateway, as any other.

Hence, and due to my understanding that a repository is the single source of truth for a gateway, I am looking for the ability to maintain/change a secret in a repository, rather than directly in a gateway through Policy Manager.

Hence, from a repository point of view, this could be understood as a rogue change, as this change of a resource ( the secret ) is not known by the repository , and might get overwritten by the repository content, if not taken care of this change differently.

Original Message:
Sent: Jan 29, 2024 06:42 AM
From: Raju Gurram
Subject: decrypt graphman-client exported keys or secrets

@Michael Mueller There's a little deviation in supporting the statement specified as part of documentation.

Graphman supports importing the secrets that are encrypted using openssl way. But, it was not the same case while exporting them. As of now, graphman exports secrets that cannot be decrypted using openssl. We did change this behaviour different from experimental build. 

Would you still want to export the secrets in openssl decrypt friendly? 

Original Message:
Sent: Jan 27, 2024 06:43 AM
From: Michael Mueller
Subject: decrypt graphman-client exported keys or secrets

Hi Team.

I am unable to decrypt secrets and keys with the given advice at the end of graphman-client readme : 
graphman-client/README.md at main · Layer7-Community/graphman-client

GitHub		remove preview
graphman-client/README.md at main · Layer7-Community/graphman-client This repository contains a Postman collection, a Node.js CLI application, sample queries for the CLI, and GraphQL schemas for the Graphman API. - graphman-client/README.md at main · Layer7-Community/graphman-client View this on GitHub >

the export looks like:
{
  "secrets": [
    {
      "goid": "9ec005dd334796b936987ecf50932c4d",
      "name": "mikel",
      "checksum": "1121b4c3cee21859749fba3450bf0257621eb11a",
      "description": "",
      "secret": "JEw3RXYwMiSK5eLTkmpxyObHRTfmwlqpjQcwOip5MlMu7v4YPSUSaA==",
      "secretType": "PASSWORD",
      "variableReferencable": true
    }
  ],
  "properties": {
    "defaultAction": "NEW_OR_UPDATE"
  }
}

e.g. decrypting the secret using the following command fails with the error shown

Of course, I have used the same passphrase for the export.
Same error occurs for the encrypted key.p12 property.
Am I doing someting wrong ?

Thanks

...Michael