cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Accessing the credential vault from a workflow

ScottD
Participant

When I pass an Authorization header in an "HTTP Request" workflow action using the credential vault format that can be used with HTTP monitors, I get HTTP 401 errors:

{
"Accept": "application/json; charset=utf-8",
"Content-Type": "application/json; charset=utf-8",
"Authorization": "Api-Token {CREDENTIALS_VAULT-54B131CE41C87603|token}"
}

If I hard-code the API token itself in the workflow's Authorization header instead, it works fine:

{
"Accept": "application/json; charset=utf-8",
"Content-Type": "application/json; charset=utf-8",
"Authorization": "Api-Token dt0c01.GNLBY51QNGTC9TVHRNUH3U2Y.3IYAIBF5L2QTRMVG3A4B2LHULQLUMK32A4EJ12567VIEHK4PNVWLNJQXUAPGUBGI"
}

The credential vault entity ID being used is valid, and the API token being referenced has the correct scope. I'm working with the /synthetic/executions/batch API in this case, but I expect the issue applies to other use cases as well.

Is there a way to use the credential vault in a workflow, the way you can with HTTP monitors? Or will this be possible in the future? I do not want to have to hard-code API tokens into workflows.

The credential vault and token values shown above are not real, BTW.

6 REPLIES 6

michal_zawislak
Dynatrace Advisor
Dynatrace Advisor

Hi ScottD,

Unfortunately, there's no way to access vault credentials (or any settings) in the `HTTP Request` action. However, there is a plan to add support for it soon.

Your AutomationEngine ally!

Is this possible yet? I have the same question as it pertains to Notebooks; I'm trying to set up a Dynatrace API call in a Notebook code section. It works, but only if I hard-code the token.

Hi Michal_zawislak,
How's the current process working? We utilize API calls within our workflow scripts, and are interested in have a finer level access control and using Dynatrace credential vault for security concerns.

 

Hi @duke,

We're working on the possibility of using the credential vault in the "HTTP Request" action as we speak.

I'm not sure, but if by "workflow scripts" you mean running "Run Javascript" actions, could you please try using the @dynatrace-sdk/client-classic-environment-v2 SDK?

Please let me know if that answers your question.

Your AutomationEngine ally!

Hi @michal_zawislak, thanks that works. Appreciate for the prompt response. However found it's working on Workflow but not the Notebooks, wondering what's the diff between those two apps? And is there a way to perform it in Notebooks.

Hi @duke, I'm glad it works! 

There are a few differences between those two apps, but at this point, it's hard to tell which one plays a role here. Could you please share an error you're getting when running your script in Notebooks? It would help to narrow down the root cause. 

Your AutomationEngine ally!

Featured Posts