BarAuth configuration

Use the BarAuth configuration to provide connection credentials for an external repository system that stores one or more BAR files that you want to deploy.

Summary of key details

File name or type
JSON file
Does the file contain secrets?
Yes
Location of imported or extracted data
  • JSON content is extracted to /home/aceuser/secrets
  • CA certificates are extracted to /home/aceuser/barurlendpoint
Maximum number of BarAuth configurations allowed per integration runtime
One

The BarAuth file

The BarAuth configuration requires a JSON file that contains credentials for connecting to an HTTPS endpoint where one or more BAR files are stored.

You can reference these BAR files in a comma-separated list in the Bar URL field when you deploy a BAR file. The same credentials must apply for all the BAR files that you reference for deployment. You can apply only one configuration of type BarAuth to an integration. However, multiple integrations can use a BarAuth configuration to connect to the same endpoint.

The credentials that are needed to connect to an external repository depend on the type of security that is configured for the endpoint. Connections are supported to the following types of endpoint:
  • Endpoints that require basic authentication credentials
  • Endpoints that use self-signed certificates or certificates from a corporate or trusted certificate authority (CA)
  • Endpoints that require no authentication
To specify credentials to connect to an external repository, define the JSON content, then save the file as filename.json. The following guidelines describe how to define the content.
  • If the endpoint requires no authentication, specify a blank username and password in JSON format in a text editor:
    {"authType":"BASIC_AUTH","credentials":{"username":"","password":""}}
  • If the endpoint is secured with basic authentication, specify a valid username and password in JSON format in a text editor:
    {"authType":"BASIC_AUTH","credentials":{"username":"myUsername","password":"myPassword"}}
    Note:

    If you're using basic authentication that requires a username with an API key as the password, you can specify the API key as the myPassword value.

    If you're connecting to an endpoint that uses a certificate from a trusted CA, you can connect by using basic authentication without the need to specify any certificate details.

  • To ignore all certificate errors from the endpoint, include the insecureSsl: true setting in the JSON content in a text editor:
    {"authType":"BASIC_AUTH","credentials":{"username":"myUsername","password":"myPassword","insecureSsl":"true"}}
  • If the endpoint requires a self-signed certificate or a corporate CA-issued certificate, use a caCert setting to provide the actual certificate. To specify the certificate content in a JSON-compliant format, you must remove any line breaks from the certificate by converting it to a single line.
    1. Use your preferred method to convert the certificate content to a single line. In the following example, the awk command is used to replace any hidden newline characters in a certificate file (named caCert.pem) with the end-of-line terminator (\n). The resulting output displays the certificate content as a single line.
      awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' caCert.pem
    2. In a text editor, add the following JSON content with a caCert value that specifies the single-line output for the certificate content: 
      {"authType":"BASIC_AUTH","credentials":{"username":"myUsername","password":"myPassword","caCert":"-----BEGIN CERTIFICATE-----\nThisText\nREPRESENTSa\nVERYlongSringOfCharactersINa\nSingleLine\n-----END CERTIFICATE-----\n"}}

To configure your integration to connect to the repository that contains your BAR files, create a BarAuth configuration on the Configurations tab of the Manage page. For more information, see Providing credentials and secrets in configurations.

You can then import the .json file into the BarAuth editor, or paste in the contents.
BarAuth text editor with pasted contents
Tip: For security reasons, the password in the .json content that you add is available only as a REDACTED value after you create the configuration.

When you deploy the integration, the BarAuth JSON file is extracted into the default configuration directory /home/aceuser/secrets/, and any CA certificates that you specify in the credentials are extracted to /home/aceuser/barurlendpoint. You can't access these locations directly, but you can use them to refer to the settings from other configurations.