Remote endpoint management
Remote endpoint management enables Authorization Hub to securely connect to external authorization services at runtime. Credentials are centrally managed, securely stored, and can be updated without requiring a redeployment.
CAQ endpoints for Policy insights
Authorization Hub uses remote endpoints to power Policy insights. It connects to a Contextual Authorization Query (CAQ) endpoint to evaluate policies and generate access review reports on demand.
This configuration is optional and can be added at any time. To configure your remote endpoints, follow these steps:
1. Create a file called endpoints.yaml and store it in the configurations directory.

2. Provide the required endpoint definitions. For example:

       endpoints:
         - name: caq-dev
           projectId: "project-123"
           description: "CAQ Development Environment"
           url: https://endpoint1.example.com
           auth:
             method: OAUTH2
             clientId: my-client
             clientSecret: my-secret
             tokenUri: "https://auth.example.com/token"
             scope: [ "read", "write" ]
         - name: caq-e2e
           projectId: "project-123"
           description: "CAQ End-to-End Environment"
           url: https://endpoint2.example.com
           auth:
             method: BASIC
             username: user
             password: pass

   Note: Endpoints are scoped to a project through the projectId parameter, enabling Policy insights users to run reports using the associated CAQ endpoint. The relevant description values will appear in the Environment dropdown on the Reports page.

3. Navigate to kubernetes/charts and run a Helm upgrade:

       helm upgrade hub \
         -f hub/values.yaml hub \
         --set registry=748131003707.dkr.ecr.eu-central-1.amazonaws.com/axiomatics/ \
         --set hubHostname=$CHANGE_ME \
         --set 'imagePullSecrets[0].name=regcred'

   The Helm chart creates a Kubernetes secret from this file. The application automatically detects changes to the secret without requiring a pod restart.
Update endpoints
To update the endpoints list, modify the configurations/endpoints.yaml file and perform a Helm upgrade.
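Because every Helm upgrade pushes the credentials in endpoints.yaml into the secret, the definitions can be checked before the upgrade runs. The following is an added example, not part of the product: the names lint_endpoints and is_https are hypothetical, and the required keys per auth method are an assumption inferred from the example above, which shows only OAUTH2 and BASIC.

```python
from urllib.parse import urlparse

# Keys required per auth method, inferred from this page's example (assumption).
REQUIRED_AUTH = {"OAUTH2": ("clientId", "clientSecret", "tokenUri"),
                 "BASIC": ("username", "password")}

def is_https(value):
    parts = urlparse(str(value))
    return parts.scheme == "https" and bool(parts.hostname)

def lint_endpoints(doc):
    """Return findings for a parsed endpoints.yaml document (empty list = clean)."""
    endpoints = doc.get("endpoints") if isinstance(doc, dict) else None
    if not isinstance(endpoints, list):
        return ["top-level 'endpoints' list is missing"]
    findings, seen = [], set()
    for i, ep in enumerate(endpoints):
        if not isinstance(ep, dict):
            findings.append(f"#{i}: entry is not a mapping")
            continue
        label = ep.get("name") or f"#{i}"
        findings += [f"{label}: {k} is missing" for k in ("name", "projectId", "url") if not ep.get(k)]
        if label in seen:
            findings.append(f"{label}: duplicate name")
        seen.add(label)
        # Credentials or tokens are sent to url and tokenUri, so both must use TLS.
        if ep.get("url") and not is_https(ep["url"]):
            findings.append(f"{label}: url is not https")
        auth = ep.get("auth") if isinstance(ep.get("auth"), dict) else {}
        method = auth.get("method")
        if not isinstance(method, str) or method not in REQUIRED_AUTH:
            findings.append(f"{label}: auth.method {method!r} is not covered by this check")
            continue
        findings += [f"{label}: auth.{k} is missing or empty" for k in REQUIRED_AUTH[method] if not auth.get(k)]
        if method == "OAUTH2" and auth.get("tokenUri") and not is_https(auth["tokenUri"]):
            findings.append(f"{label}: auth.tokenUri is not https")
    return findings

# Constructed sample: first entry mirrors the page, second has deliberate mistakes.
SAMPLE = {"endpoints": [
    {"name": "caq-dev", "projectId": "project-123", "url": "https://endpoint1.example.com",
     "auth": {"method": "OAUTH2", "clientId": "my-client", "clientSecret": "my-secret",
              "tokenUri": "https://auth.example.com/token", "scope": ["read", "write"]}},
    {"name": "caq-e2e", "projectId": "project-123", "url": "http://endpoint2.example.com",
     "auth": {"method": "BASIC", "username": "user", "password": ""}},
]}

if __name__ == "__main__":
    for finding in lint_endpoints(SAMPLE):
        print(finding)
```

To check the real file, pass the function the result of parsing configurations/endpoints.yaml with a YAML loader such as PyYAML's yaml.safe_load, and stop the upgrade if the returned list is not empty.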