I’m learning how to use variables and secrets in API endpoints, and one thing I can’t figure out is how to access secrets from an API endpoint that has authentication disabled. Unlike variables, secrets appear to be bound to specific roles, and the API endpoint settings only allow selecting roles when authentication is enabled.
Here’s my simple use case: I want to expose a public endpoint to trigger a call to an external service which requires an API key, but I don’t want to expose that API key to the anonymous clients. I could store the API key in a regular variable, but I’d rather store it in a secret.
I was able to get this to work just fine in 5.5.5.
Do you have any roles assigned to the secret? I made a test secret, made sure that no roles were assigned, and was able to reference it from an endpoint with authentication disabled as well and it worked.
Are you getting any error messages?
I’m using the latest container image in an Azure Web App deployment. I just tried it again:
The output is this:
[
“Not Found | Skillable Studio”,
“$Secret:SkillableApiKey is null or empty”
]
The code snippet in the public API endpoint is this:
Write-Output “$SkillableApiUrl”
if ([string]::IsNullOrEmpty($Secret:SkillableApiKey)) {
Write-Output ‘$Secret:SkillableApiKey is null or empty’
}
There’s no error in the log, but $Secret:SkillableApiKey is null or empty. If I modify the secret to set a role, set a role on the API endpoint, it works. It doesn’t work when both don’t have assigned roles.
