WORKLOAD AUTOMATION COMMUNITY

Enhance security in Workload Automation using API Keys

3/3/2023

JSON Web Token (JWT) is an open standard (RFC 7519) that describes a compact, easy-to-use structure for securely exchanging information between two parties over a public or private network as a JSON object. The token can be digitally signed, for example with a public and private key pair (e.g. RSA).
A signed JWT contains a series of claims. Because the integrity of these claims can be verified, the token authorizes its owner to access the APIs, services, and resources declared in the claims. The compact nature of the JWT comes from its structure, which is composed of three encoded components (Header, Payload, where the claims are declared, and Signature) separated by a dot character (.).
The JWT can be sent in an HTTP request, for example as an HTTP parameter or POST parameter, with every action that requires the user to be authorized. Used this way, the JWT is a secure, lightweight and user-friendly alternative to basic authentication on the web.

Starting from version 10.1 Fix Pack 1, Workload Automation enables you to create a JWT and use it to access its resources through the API Key. Let's dive in and see how!

API Key creation

To use the JWT, you have to create an API Key. Log in to the Dynamic Workload Console, select the User menu, and then select Manage API Keys.
Select an engine from the engine list and click Apply.
Click “Add New”.
Now you can create either a Personal or a Service API Key. A Personal API Key identifies a real user executing operations on Workload Automation, whereas a Service API Key is a special kind of key that identifies an account not associated with a real user.
Click Submit and copy the JWT token to use it.

JWT Usage

After you have created the JWT token and stored it in a secure place, you can provide it as input to authorize API calls. The token can be used through the Orchestration CLI or the Swagger UI.

To authorize actions on the Orchestration CLI, you must add the JWT token in the connection section in the configuration file, named “config.yaml”, located in the “$HOME/.OCLI” folder.
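Because the token sits in clear text in that file, its permissions decide who else on the host can use the key. The following check is an added example, not part of the original post or of the product: it assumes a POSIX system, and `audit_token_file` and `demo` are hypothetical names. It reads only file metadata, never the token itself.

```python
import os
import stat
import tempfile


def audit_token_file(path: str) -> list:
    """Return findings for a file that stores an API key (JWT) in clear text."""
    findings = []
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file); inspect the real target"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} exposes the token to group/others; use 0600")
    if st.st_uid != os.getuid():
        findings.append("file is owned by another user")
    parent = os.path.dirname(os.path.abspath(path))
    parent_mode = stat.S_IMODE(os.stat(parent).st_mode)
    if parent_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"directory mode {parent_mode:04o} lets others replace the file")
    return findings


def demo() -> tuple:
    """Constructed demo: a throwaway file stands in for $HOME/.OCLI/config.yaml."""
    with tempfile.TemporaryDirectory() as folder:
        os.chmod(folder, 0o700)
        path = os.path.join(folder, "config.yaml")
        with open(path, "w") as handle:
            handle.write("# constructed placeholder, no real token here\n")
        os.chmod(path, 0o644)   # world-readable: should be reported
        loose = audit_token_file(path)
        os.chmod(path, 0o600)   # owner-only: should be clean
        tight = audit_token_file(path)
    return loose, tight


if __name__ == "__main__":
    target = os.path.expanduser("~/.OCLI/config.yaml")
    print(audit_token_file(target) if os.path.exists(target) else demo())
```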
To authorize actions on the Swagger UI, click Authorize and add the JWT token as the value in the Available authorizations dialog.

Click Authorize and start performing any secure API call.

JWT: why should I use it?

Using the new API Keys in Workload Automation is extremely useful and intuitive, and it brings a series of advantages ranging from security to user experience. First, the JWT is stored at the client level only: each JWT is digitally signed, so an attacker cannot tamper with it without invalidating the signature. Moreover, it is kept nowhere in your engine installation, and it cannot be exposed as long as whoever is using it keeps it safe. This also implies that there is no need to look it up on the server to verify it, so it grants access to Workload Automation resources quickly and efficiently.

Using JWT is made even easier by the implementation of API Keys, through which the user can easily create new JWT tokens or revoke old ones. All you need to do is create your token, store it somewhere on your machine, and then use it whenever you want to authenticate to your Workload Automation environment: all your resources are just a few clicks away!
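The three-part structure described at the top of the post and the tamper-resistance claimed in this section can be seen together in a short added example (not code from the original post or from Workload Automation). It swaps the RSA key pair for HS256, an HMAC with a shared key, so that it runs on the Python standard library alone; the key, the claims and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values; not a real Workload Automation key or claim set.
DEMO_KEY = b"constructed-demo-key"
DEMO_CLAIMS = {"sub": "demo_user", "role": "operator"}


def b64url_encode(raw: bytes) -> str:
    # JWT parts are unpadded base64url.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_part(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue(claims: dict, key: bytes) -> str:
    """Build Header.Payload.Signature, signed with HS256 (stand-in for RSA)."""
    body = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    return body + "." + b64url_encode(mac(body, key))


def verify(token: str, key: bytes) -> dict:
    """Return the claims if the signature checks out, else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    # Pin the algorithm; never accept whatever the token header asks for.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = mac(header_b64 + "." + payload_b64, key)
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch: claims were altered")
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    print(verify(issue(DEMO_CLAIMS, DEMO_KEY), DEMO_KEY))
```

Verification needs only the token and the key, which is why no per-token lookup is required; a token whose payload is edited after issuance fails the signature check.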

Authors Bio
Francesca Romana De Gennaro

She joined HCL in June 2022 as a Software Engineer in the Development team and works as a back-end developer for the Workload Automation product.
She has held a degree in Computer Science from Tor Vergata University of Rome since 2015.

Gabriele Buccioli - Software Engineer HCL Workload Automation

He joined HCL in February 2022 as a member of the Verification Test team and works as a verification tester for the Workload Automation suite in distributed environments.
He has a Master's Degree in Management and Automation Engineering from Rome Tre University.

Valerio Trent - Software Engineer

In 2021, he obtained a Master's Degree in Engineering in Computer Science at La Sapienza University of Rome.
He joined the HCL Rome Software Lab in March 2021 as a member of the Development team and worked as a front-end developer for the Distributed Workload Automation v10. He has been a member of the back-end team since March 2022.

Federico Yusteenappar

Federico joined HCL in September 2019 as a Software Developer, working as a Cloud Developer for the Workload Automation product suite. His focus has been the extension of the Workload Automation product from a Kubernetes native environment to the OpenShift Container Platform. He has a Master's Degree in Engineering in Computer Science.