-
-
Notifications
You must be signed in to change notification settings - Fork 132
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
New blog post about Limiting Access to the relay proxy with API Keys (#…
…684) Signed-off-by: Thomas Poignant <[email protected]>
- Loading branch information
1 parent
f882f44
commit fd383a4
Showing
2 changed files
with
112 additions
and
0 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
--- | ||
title: Limiting Access to the relay proxy with API Keys | ||
description: New API Key feature in GO Feature Flag Relay Proxy 1.7.0 allows you to restrict access to the relay proxy to only known clients. | ||
authors: [thomaspoignant] | ||
tags: [feature flag, relay-proxy] | ||
image: http://gofeatureflag.org/assets/images/20945235-ede9f141540af91fe5fa5fdc4f3d7fe6.png | ||
--- | ||
import Tabs from '@theme/Tabs'; | ||
import TabItem from '@theme/TabItem'; | ||
|
||
![security](20945235.png) | ||
|
||
GO Feature Flag Relay Proxy is a powerful tool that enables you to evaluate your feature flags without deploying code changes. | ||
It allows you to test and roll out new features to your users gradually, and to monitor the performance of your code in real-time. | ||
|
||
With the recent release of version `v1.7.0`, GO Feature Flag Relay Proxy introduces a new feature that enhances the | ||
security of your feature flag evaluations. | ||
This new feature allows you to control who can access your relay proxy by configuring API Keys. | ||
|
||
<!-- truncate --> | ||
|
||
## Limiting Access with API Keys | ||
|
||
With the release of GO Feature Flag Relay Proxy version `v1.7.0`, you can now limit access to the relay proxy by configuring API Keys. | ||
This feature allows you to restrict access to only known clients, adding an additional layer of security to your feature flag evaluations. | ||
|
||
To enable this feature, you need to add a list of API Keys to your configuration. | ||
Only requests with these API Keys will be accepted. This means that any requests without a valid API Key will be rejected. | ||
|
||
In your **relay proxy** configuration file it will look like this: | ||
```yaml | ||
# ... | ||
# List of authorized API keys. | ||
# Each request will need to provide one of authorized key inside Authorization header with format Bearer <api-key>. | ||
# There will be no authorization when this config is not configured. | ||
apiKeys: | ||
- 6147795c-4438-44f1-8ab2-18cb3fa9591f # apiKey for client 1 | ||
- 3e3fb534-c8fd-42e9-8f2e-c80276b1685c # apiKey for client 2 | ||
- 6603f9f8-2871-4149-81e8-8a362a8ae266 # apiKey for client 3 | ||
- 0fc30ffe-b9bc-4398-a9f1-6f8b8486e8ce # apiKey for client 4 | ||
- 500d222e-2654-41a4-bd31-e24a629cb78a # apiKey for client 5 | ||
|
||
# ... | ||
``` | ||
|
||
## Using Client API Keys with Openfeature Providers | ||
|
||
If you are using Open Feature and our providers, we have updated them to handle the `apiKey` for you. | ||
You can now specify your `apiKey` directly when you are initializing your provider. This will authenticate every request | ||
to the relay proxy with this apiKey. | ||
|
||
To use this feature, you need to specify the client API Key in your Open Feature provider initialization. | ||
This can be done by adding the `apiKey` like this: | ||
|
||
<Tabs groupId="code"> | ||
<TabItem value="go" label="GO"> | ||
|
||
```go | ||
provider, err := gofeatureflag.NewProvider(gofeatureflag.ProviderOptions{ | ||
//... | ||
APIKey: "6147795c-4438-44f1-8ab2-18cb3fa9591f", | ||
}) | ||
``` | ||
|
||
</TabItem> | ||
<TabItem value="dotnet" label=".NET"> | ||
|
||
```dotnet | ||
GoFeatureFlagProviderOptions options = new GoFeatureFlagProviderOptions{ | ||
// ... | ||
ApiKey = "6147795c-4438-44f1-8ab2-18cb3fa9591f" | ||
} | ||
GoFeatureFlagProvider authenticatedProvider = new GoFeatureFlagProvider(options); | ||
``` | ||
|
||
</TabItem> | ||
<TabItem value="java" label="JAVA"> | ||
|
||
```java | ||
GoFeatureFlagProviderOptions options = | ||
GoFeatureFlagProviderOptions.builder() | ||
.apiKey("6147795c-4438-44f1-8ab2-18cb3fa9591f") | ||
.endpoint(relayProxyAuthenticatedEndpoint) | ||
.build(); | ||
|
||
GoFeatureFlagProvider provider = new GoFeatureFlagProvider(options); | ||
``` | ||
|
||
</TabItem> | ||
<TabItem value="javascript" label="JS / TS"> | ||
|
||
```javascript | ||
const goFeatureFlagProvider = new GoFeatureFlagProvider({ | ||
// ... | ||
apiKey: '6147795c-4438-44f1-8ab2-18cb3fa9591f' | ||
}); | ||
``` | ||
|
||
</TabItem> | ||
|
||
</Tabs> | ||
|
||
## Conclusion | ||
|
||
The new feature of GO Feature Flag Relay Proxy 1.7.0 allows you to limit access to your relay proxy by configuring API Keys. | ||
|
||
This adds an extra layer of security to your feature flag evaluations, ensuring that only known clients can access your relay proxy. | ||
|
||
This feature is easy to configure and can be set up in a matter of minutes, giving you peace of mind knowing that your feature flags are secure. | ||
|
||
|