Service Keys for Solace PubSub+ Service Instances

This topic describes how developers can manage service keys for Solace PubSub+ service instances.

About Service Keys

A service key is a way of obtaining credentials for a Solace PubSub+ service instance.

When using service keys, the developer assumes the responsibility of passing the credentials associated with the service key to the app.

Creating a service key for a service instance produces Solace PubSub+ Credentials, these credentials will be associated with the service key.

Deleting a service key of a service instance revokes the associated credentials.

Obtaining credential using service keys can be used for apps that are not hosted in Pivotal Cloud Foundry (PCF). A typical use case is when you have TCP Routes enabled and you have apps running outside PCF that need access to Solace PubSub+ Services running inside PCF.

The following procedures assume you have created a Solace PubSub+ service called solace-pubsub-instance as discussed in Service Instances and that you have some app running outside of PCF.

For more information about managing service keys, see Managing Service Keys.

Create a Service Key for a Service Instance with the cf CLI

To create a service key for an existing Solace PubSub+ service with the cf Command Line Interface (CLI), do the following:

  1. Set your API endpoint to the Cloud Controller of your deployment.

    $ cf api api.YOUR-SYSTEM-DOMAIN
    Setting api endpoint to api.YOUR-SYSTEM-DOMAIN...
    OK
    API endpoint:  https://api.YOUR-SYSTEM-DOMAIN (API version: 2.59.0)
    Not logged in. Use 'cf login' to log in.
    

  2. Log in to your deployment and select an org and a space.

    $ cf login
    API endpoint: https://api.YOUR-SYSTEM-DOMAIN
    Email> user@example.com
    Password>
    

  3. Locate the previously created service.

    $ cf services
    Getting services in org example / space dev as user@example.com...
    OK
    name                        service            plan                bound apps   last operation
    solace-pubsub-instance      solace-pubsub      enterprise-large-ha              create succeeded
    

  4. Create the service key for the solace-pubsub-instance and name it external-mobile-app.

    $ cf create-service-key solace-pubsub-instance external-mobile-app
    Creating service key external-mobile-app for service instance solace-pubsub-instance as user@example.com...
    OK
    

  5. List the service keys for our service instance.

    $ cf service-keys solace-pubsub-instance
    Getting keys for service instance solace-pubsub-instance as user@example.com...
    name
    external-mobile-app
    

Get Service Key Credentials

Assuming you have created a service key external-mobile-app for solace-pubsub-instance.

  1. Get the service key credentials.
    $ cf service-key solace-pubsub-instance external-mobile-app
    Getting key external-mobile-app for service instance solace-pubsub-instance as user@example.com...
    {
    "clientPassword": "848e5357-2185-4c6c-bd98-8afc2da26492",
    "clientUsername": "v002.cu000006",
    "publicJmsJndiUris": [
    "smf://tcp.local.pcfdev.io:61072"
    ],
    "publicMqttTlsUris": [
    "ssl://tcp.local.pcfdev.io:61027"
    ],
    "publicMqttUris": [
    "tcp://tcp.local.pcfdev.io:61039"
    ],
    (...)
    "managementHostnames": [
    "enterprise-shared-0.local.pcfdev.io"
    ],
    "managementPassword": "39159deafcd44b0ebee9d504807dbdd1",
    "managementUsername": "v002-mgmt",
    (...)
    }
    

    Note: With TCP routes enabled, the apps hosted outside PCF should use all the public ports for messaging.

Save Service Key Credentials

Assuming you have created a service key external-mobile-app for solace-pubsub-instance.

  1. Save the service key credentials to a file. This saves the contents of the service key credentials to a file called external-mobile-app.key. A developer is responsible to pass this file to an app that needs to use solace-pubsub-instance.
    $ cf service-key solace-pubsub-instance external-mobile-app | grep -v Getting > external-mobile-app.key
    

Delete a Service Key for a Service Instance with the cf CLI

To revoke an app’s permission to use a Solace PubSub+ Instance, you can delete its service key.

A Default Orphaned Resource Policy or Service Orphaned Resource Policy is checked and applied during service key deletion when service key linked credentials are being removed.

Assuming you have created a service key external-mobile-app for solace-pubsub-instance.

  1. Delete the service key for the service instance.
    $ cf delete-service-key solace-pubsub-instance external-mobile-app
    Really delete the service key external-mobile-app? yes
    Deleting key external-mobile-app for service instance solace-pubsub-instance as user@example.com...
    OK
    
Create a pull request or raise an issue on the source for this page in GitHub