Keyrings are a DevRev-specific mechanism for managing authentication with external services. Keyrings are called Connections in the DevRev app.
Keyrings provides a secure way to store and manage credentials for external services within your DevRev snap-in. This eliminates the need to expose sensitive information like passwords or access tokens directly within your code or configuration files, enhancing overall security.
For more information, refer to Keyrings in the snap-in manifest. They can be categorized into two main types:
- Default keyrings:
- Organization scoped keyrings: These are secrets used by the entire organization, for example, a Slack token for a workspace.
- User scoped keyrings: These are secrets for a single user, for example, the token to interact with a single person’s Google Calendar.
During installation, the user will be prompted to provide credentials for each keyring.
Breakdown:
-
name: A unique identifier for the keyring in the snap-in.
-
description: A human-readable description of the keyring shown to the user at the time of snap-in installation.
-
types: The list of possible keyring types that the user can provide.
-
display_name: The name that’s shown to the user when they’re asked to provide a keyring.
All user-scoped keyrings are optional in the snap-in, and developers must handle the case where a user-scoped keyring isn’t found.
If you are using version 1 of the manifest, you can omit the organization key in the keyring definition and directly provide the keyring definition as a list. All keyring defined in manifest version 1 are organization-scoped.
Additionally, the keyword connections
is used instead of keyrings
in manifest version 1.
-
Developer scoped keyrings: These are secrets accessible and usable only by the developer creating the snap-in, typically used for personal development workflows.
Breakdown:
-
name: A unique identifier for the keyring in the snap-in.
-
description: A human-readable description of the keyring shown to the user at the time of snap-in installation.
-
display_name: The name that’s shown to the user when they’re asked to provide a keyring.
Enable external service connections with keyring types
While DevRev offers pre-defined keyring types for common services, you can leverage this mechanism further to create custom types for specific service integrations.
Pre-defined keyring types:
-
devrev-snap-in-secret: Stores simple string tokens utilized by the snap-in itself.
-
devrev-atlassian-jira-oauth: Facilitates OAuth connections for integrating with Jira.
-
devrev-slack-oauth: Facilitates OAuth connections for integrating with Slack.
-
devrev-google-oauth: Facilitates OAuth connections for integrating with Google.
-
devrev-github-oauth: Facilitates OAuth connections for integrating with GitHub.
-
devrev-zendesk-oauth: Facilitates OAuth connections for integrating with Microsoft.
Manifest Declaration:
-
Custom keyring types for OAuth:
Developer Keyring:
-
The
developer_keyrings
type allows the creation of keyrings that hold sensitive information like client IDs and client secrets required for OAuth authorization with external services. These keyrings are intended for development environments and should not be used in production due to security concerns. Here’s an example configuration snippet demonstrating adeveloper_keyring
namedcustom-oauth-credentials
:
To create a developer keyring, follow these steps:
-
Replace
$CLIENT_CREDENTIALS
in the following command with your actual OAuth client ID and client secret combined into a JSON string. -
Execute Command: Run the following command, replacing
<name of the keyring>
with your desired keyring name.
The keyring will be passed while
snap_in_version
is being created.Keyring usage in manifest:
3.1. Reusing Predefined keyring_type with Custom Scopes: Here’s an example of a custom keyring type for an existing OAuth2 keyring type while customizing the required scopes for your specific external service.
3.2. Custom keyring type definition: This approach defines a new, entirely custom keyring type with complete control over the OAuth flow configuration.
-
-
Define Basic keyring type: Here’s an example of a custom keyring type for establishing secure Basic Auth connections within your snap-in:
-
Define Multi-filed keyring: Here’s an example of a custom keyring type for establishing secure connections with multiple fields within your snap-in:
Supported keywords in keyring_type configuration: The supported keywords that can be dynamically inserted into URLs, headers, and query parameters within your custom keyring type configuration.
- [ACCESS_TOKEN]: The access token obtained during the OAuth flow.
- [REFRESH_TOKEN]: The refresh token obtained during the OAuth flow.
- [CLIENT_ID]: The client ID obtained from the OAuth client credentials.
- [CLIENT_SECRET]: The client secret obtained from the OAuth client credentials.
- [SCOPE]: The scope of the OAuth flow.
- [API_KEY]: The API key obtained from the basic flow.
For examples of how to use keyrings in your snap-in, refer to the Keyring API documentation.