Service Keys for Solace Messaging Service Instances

This topic describes how developers can manage service keys for Solace Messaging service instances.

About Service Keys

A service key is a way of obtaining credentials for a Solace Messaging service instance.

When using service keys, the developer assumes the responsibility of passing the credentials associated with the service key to the app.

Creating a service key for a service instance produces Solace Messaging Credentials, these credentials will be associated with the service key.

Deleting a service key of a service instance revokes the associated credentials.

Obtaining credential using service keys can be used for apps that are not hosted in Pivotal Cloud Foundry (PCF). A typical use case is when you have TCP Routes enabled and you have apps running outside PCF that need access to Solace Messaging Services running inside PCF.

The following procedures assume you have created a Solace Messaging service called solace-messaging-instance as discussed in Service Instances and that you have some app running outside of PCF.

For more information about managing service keys, see Managing Service Keys.

Create a Service Key for a Service Instance with the cf CLI

To create a service key for an existing Solace Messaging service with the cf Command Line Interface (CLI), perform the following steps:

  1. Set your API endpoint to the Cloud Controller of your deployment.

    $ cf api api.YOUR-SYSTEM-DOMAIN
    Setting api endpoint to api.YOUR-SYSTEM-DOMAIN...
    OK
    API endpoint:  https://api.YOUR-SYSTEM-DOMAIN (API version: 2.59.0)
    Not logged in. Use 'cf login' to log in.
    

  2. Log in to your deployment and select an org and a space.

    $ cf login
    API endpoint: https://api.YOUR-SYSTEM-DOMAIN
    Email> user@example.com
    Password>
    

  3. Locate the previously created service.

    $ cf services
    Getting services in org example / space dev as user@example.com...
    OK
    name                        service            plan     bound apps   last operation
    solace-messaging-instance   solace-messaging   large-ha              create succeeded
    

  4. Create the service key for the solace-messaging-instance and name it external-mobile-app.

    $ cf create-service-key solace-messaging-instance external-mobile-app
    Creating service key external-mobile-app for service instance solace-messaging-instance as user@example.com...
    OK
    

  5. List the service keys for our service instance.

    $ cf service-keys solace-messaging-instance
    Getting keys for service instance solace-messaging-instance as user@example.com...
    name
    external-mobile-app
    

Get Service Key Credentials

Assuming you have created a service key external-mobile-app for solace-messaging-instance.

  1. Get the service key credentials.

  $ cf service-key solace-messaging-instance external-mobile-app
  Getting key external-mobile-app for service instance solace-messaging-instance as user@example.com...

{ "clientPassword": "848e5357-2185-4c6c-bd98-8afc2da26492", "clientUsername": "v002.cu000006", "publicJmsJndiUris": [ "smf://tcp.local.pcfdev.io:61072" ], "publicMqttTlsUris": [ "ssl://tcp.local.pcfdev.io:61027" ], "publicMqttUris": [ "tcp://tcp.local.pcfdev.io:61039" ], (...) "managementHostnames": [ "shared-vmr-0.local.pcfdev.io" ], "managementPassword": "39159deafcd44b0ebee9d504807dbdd1", "managementUsername": "v002-mgmt", (...) }

Note: With TCP Routes enabled, the apps hosted outside PCF should use all the public ports for messaging.

Save Service Key Credentials

Assuming you have created a service key external-mobile-app for solace-messaging-instance.

  1. Save the service key credentials to a file.

This saves the contents of the service key credentials to a file called external-mobile-app.key. A developer is responsible to pass this file to an app that needs to use the solace-messaging-instance

  $ cf service-key solace-messaging-instance external-mobile-app | grep -v Getting > external-mobile-app.key
  

Delete a Service Key for a Service Instance with the cf CLI

To revoke an app’s permission to use a Solace Messaging Instance, you can delete its service key.

Assuming you have created a service key external-mobile-app for solace-messaging-instance.

  1. Delete the service key for the service instance.

  $ cf delete-service-key solace-messaging-instance external-mobile-app

Really delete the service key external-mobile-app?> yes Deleting key external-mobile-app for service instance solace-messaging-instance as user@example.com... OK

Create a pull request or raise an issue on the source for this page in GitHub