Skip to content

proxy-server/password

A map of ssh public keys to install for the root user

This Param allows setting the Proxy Server authentication password to be used. The password is stored as an encrypted Secure Param and supports storing the secret in an external Vault service.

The Param proxy-servers can be written in a format with a direct URL that includes the username (and password). However, this does not allow the password to be protected by an encrypted Secure Param or stored in a Vault service.

To support secure storage and Vault storage of the Password, the operator must use this Param and the accompanying separate proxy-server/* Params. The following Params are used for independent control of the Proxy Server definition:

  • proxy-server/method = [required] one of http or https
  • proxy-server/host = [required] examples 10.10.10.10 or proxy.example.com
  • proxy-server/username = [optional] example proxy-user
  • proxy-server/password = [optional] stored as a Secure Param
  • proxy-server/port = [optional] example 3128

The individual proxy-server/* Param based use will be enabled if the proxy-server/method has any value set. Subsequently the proxy-servers Param if set; will be ignored. If the method is not set to any value, then the proxy-servers Param will be used directly.

At a minimum, the proxy-server/method and proxy-server/host MUST be set, to create a working Proxy Server definition.

If a username or password is needed, both Params must be set.

This Secure Param will directly encrypt and manage the secret within the DRP Endpoints internal database. External Vault services can be used to store secrets and retrieve them from an external vault. See the RackN documentation for more details:

An example Param value to use an external vault service would set this Param to something like:

  • { "LookupUri": "plugin-vault-name://password?path=proxy-server" }

The defined plugin-vault-name must be setup in advance with the appropriate Param configuration to access and authenticate to the external vault service.