Problem is some REST API I call need an "apikey" or "token", which is essentially a fancy password needed for the API.
e.g.
Code: Select all
:global apikey [???????]
/tool/fetch url=... http-header-field="Authorization: bearer $apikey" ...
Since I'm just experiment with this approach, I've used them as :global variables loaded by script & this obviously works. But not very secure. Since the script code is pretty visible in the config (e.g. via :export or other uses). And, even load them from a file in /files, the files can't be restricted to a single user either AFAIK.
While for stuff like AWS and other API, you can use the X.509 certificates – which are supported in /tool/fetch under V7, e.g.
Code: Select all
/tool/fetch url=... certificate=...
Basically... I want to "stash" an external REST API's apikey/token/password on a Mikrotik, that will be there after reboot, but not show up in an ":export". Similar to how /certificate stuff work (e.g. in "backup" but not ":export"), except I'm dealing with 8-64 char strings, not certificates. Or, the concept of "encrypted-secrets", which store "private data" used by GitHub repo/actions/etc (e.g. to avoid needing password aren't kept in files/code) .
Curious if any one has any "nifty" solutions to this?