Layer7 API Management

  • 1.  How to secure private keys in gateway

    Posted Oct 05, 2017 07:16 PM

    How can I protect private keys in the gateway that are owned by different development groups?


    Development group X has a private key that is used to authenticate to web service X.

    Development group Y has a private key that is used to authenticate to web service Y.


    How can I prevent development group X from using development group Y's private key to access service Y?


    Thanks!


    - Josh



  • 2.  Re: How to secure private keys in gateway

    Broadcom Employee
    Posted Oct 05, 2017 10:22 PM

    Dear Josh,

    I'm not sure of your use case, but as the name suggests, the private key should be kept by the owner only; you should only need to install their public keys on the gateway to establish a mutual SSL connection.

    Regards,

    Mark



  • 3.  Re: How to secure private keys in gateway

    Broadcom Employee
    Posted Oct 08, 2017 05:46 PM

    Josh,

    I was reviewing different security methods that could allow each group to use only their own certificate. As the truststore that is used in the gateway is shared, neither roles nor security zones (Understanding Security Zones - CA API Gateway - 9.2 - CA Technologies Documentation) have the capability to lock them down from being selected in the assertions. I would suggest that you open an idea in our community that speaks to this use case.

    Sincerely,

    Stephen Hughes

    Director, CA Support



  • 4.  Re: How to secure private keys in gateway
    Best Answer

    Posted Oct 13, 2017 02:18 PM

    ## UPDATE ##


    Stephen originally presented the data as we at CA understood it earlier. We have since discovered some newer information which has changed our viewpoint a bit. This seems to be possible with a mix of RBAC and Security Zones in use.


    There is an open support case right now which is being worked on for this very topic (I think it's actually your own support case Josh, haha). Once we confirm this will work using a mix of RBAC and Security Zones, we will update this community post with the latest information of how we got it working so everyone can benefit from it.


    Sincerely,


    Dustin Dauncey
    Sr Support Engineer, Global Customer Success
    Email: Dustin.Dauncey@ca.com
    Phone: +1 800 225 5224 ,48385
    Phone if outside North America - https://tinyurl.com/CAContactSupport
    CA API Management Community: https://tinyurl.com/CAAPIMCommunity
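The reply above says the separation Josh asked for should be achievable with a mix of RBAC and Security Zones, but gives no detail. The following is an added illustration, not code from this thread and not CA API Gateway's own RBAC or Security Zone implementation: it models a shared key store in which every private key is tagged with a zone, roles are granted zones and operations, and a signing operation is authorised only if one of the caller's roles covers the key's zone. The key material never leaves the store (the caller receives a signature, not the key), which is the point Mark makes about keeping private keys with their owner. All class names, role names, aliases and secrets are constructed for the example; HMAC-SHA256 stands in for a real private-key signature.

```python
"""Zone-scoped private key access for a shared gateway key store.

Constructed example: NOT CA API Gateway's RBAC / Security Zone code.
Role names, key aliases and secrets are hypothetical.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple


class KeyAccessDenied(PermissionError):
    """Raised when none of a principal's roles covers the key's security zone."""


@dataclass(frozen=True)
class Role:
    name: str
    zones: FrozenSet[str]        # security zones whose entities this role may act on
    permissions: FrozenSet[str]  # operations allowed, e.g. {"use_key"}


class ZonedKeyStore:
    """Shared store: each key belongs to one zone; use is authorised by
    principal -> role -> (zone, permission) bindings (RBAC + zones)."""

    def __init__(self) -> None:
        self._secrets: Dict[str, bytes] = {}      # alias -> key material (never returned)
        self._zones: Dict[str, str] = {}          # alias -> security zone
        self._roles: Dict[str, Role] = {}
        self._bindings: Dict[str, Set[str]] = {}  # principal -> role names

    def add_key(self, alias: str, zone: str, secret: bytes) -> None:
        self._secrets[alias] = secret
        self._zones[alias] = zone

    def define_role(self, role: Role) -> None:
        self._roles[role.name] = role

    def bind(self, principal: str, role_name: str) -> None:
        if role_name not in self._roles:
            raise KeyError(f"unknown role {role_name}")
        self._bindings.setdefault(principal, set()).add(role_name)

    def _authorize(self, principal: str, alias: str, action: str) -> None:
        zone = self._zones.get(alias)
        if zone is None:
            raise KeyError(f"unknown key alias {alias}")
        # A principal with no bindings, or only bindings to other zones, is denied.
        for role_name in self._bindings.get(principal, ()):
            role = self._roles[role_name]
            if action in role.permissions and zone in role.zones:
                return
        raise KeyAccessDenied(f"{principal} may not {action} on {alias} (zone {zone})")

    def sign(self, principal: str, alias: str, message: bytes) -> str:
        """Perform the key operation inside the store; the caller gets a
        signature, never the key bytes. HMAC-SHA256 is a stand-in for a
        private-key signature in this constructed example."""
        self._authorize(principal, alias, "use_key")
        return hmac.new(self._secrets[alias], message, hashlib.sha256).hexdigest()


def build_demo_store() -> ZonedKeyStore:
    """Two development groups, two zones, two keys (all values constructed)."""
    store = ZonedKeyStore()
    store.add_key("svcX-client", zone="zone-X", secret=b"constructed-secret-X")
    store.add_key("svcY-client", zone="zone-Y", secret=b"constructed-secret-Y")
    store.define_role(Role("dev-group-X", frozenset({"zone-X"}), frozenset({"use_key"})))
    store.define_role(Role("dev-group-Y", frozenset({"zone-Y"}), frozenset({"use_key"})))
    store.bind("alice", "dev-group-X")   # alice works in development group X
    store.bind("bob", "dev-group-Y")     # bob works in development group Y
    return store


def try_sign(store: ZonedKeyStore, principal: str, alias: str, message: bytes) -> Tuple[str, str]:
    """Return ("ok", signature) or ("denied", reason) without raising."""
    try:
        return ("ok", store.sign(principal, alias, message))
    except KeyAccessDenied as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    s = build_demo_store()
    for who, key in [("alice", "svcX-client"), ("alice", "svcY-client"),
                     ("bob", "svcY-client"), ("carol", "svcX-client")]:
        print(f"{who:6} {key:12} {try_sign(s, who, key, b'request')[0]}")
```

In this model, group X's user can sign with the X key but is denied the Y key, and a principal with no role binding is denied everything; the enforcement point is the store itself, so a policy author who can reference any alias still cannot exercise a key outside their zone.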