As you may know, Cloud Assembly already provided access to secret properties, which are defined as reusable, encrypted values that project users may add to their cloud template designs.
However the March release of vRealize Cloud has introduced the ability to create and store constants values with Cloud Assembly, constants values that can be consumed as encrypted input by all FaaS providers and runtimes supported in extensibility actions (ABX).
Encryption is useful for use cases where your inputs are used to manage sensitive data, such as passwords and certificates.
It is important to highlight, that under Cloud Assembly Extensibility, the “Manage Action Secrets” option has been renamed “Action Constants” and they will share the same list of project service secrets. There is no action needed for users having existing action constants from previous release, expect this change also happening with vRealize Automation 8.4.
Let’s take a closer look with a simple example, in Cloud Assembly I have created a secret property named: cloudassembly-Segreto and assigned it to an existing Project:
then, under Extensibility’s Action Constants (formerly known as Manage Action Secrets)
I created another Action Constant named: azioneCostante
Note that, at any point I could edit or remove both entries and that the original values will not be displayed when editing, furthermore, the Cloud Assembly Secrets are defined for both Cloud Assembly and ABX consumption but within Project scope while the second kind, the Action Constants are available only for ABX but with global scope.
Now I will access both secure properties from an extensibility action (ABX) by checking on the option “Secret” , that you could find under the Default Input section, this option will allow you to perform a search for displaying all possible value matches then select our property:
at that time, we could leverage the built-in function context.getSecret() to decrypt the data values, I want to emphasize that you could exploit the context.getSecret() function with all the supported Extensibility Action’s FaaS providers and runtimes, in my example above I am using Python and the one below implements PowerShell.
And when we execute this two Extensibility Actions, we could see how both, the Cloud Assembly Secret and Action Constants data is accessed by the script while keeping sensitive data hidden, unless you decide to print it out as I did so for this blog:
With Cloud Assembly, you can create and store constants for use in extensibility action (ABX).
Extensibility action constants streamlines the process to feed sensitive input data to your extensibility scripts while maintaining flexibility and seamless operation for all FaaS providers and runtimes.