Naming conventions and other specifics regarding the environment variables and user-provided service instances used for sensitive data handling during MTA deployment.
Sensitive values that need to be passed during deployment must be declared as local environment variables before the deployment is initialized. Their names must contain a specific prefix depending on the data type. The supported types are strings, numbers, JSON objects, and Base64-encoded certificates.
|
Naming |
Used For |
|---|---|
|
|
Strings
|
|
|
|
|
|
Certificates |
Limitations regarding the configuration of these specialized environment variables depend on the specific shell or client environment being used. Users should check the documentation for their respective command-line interpreters to determine the correct syntax, capabilities, and limitations for setting environment variables.
When using the persistent user-provided service instance approach, you must adhere to the following format for the name of the user-provided service instance:
__mta-secure-<mtaId>__mta-secure-<mtaId>-<namespace>(if you are using Namespaces)
You must also insert an encryption key in the user-provided service instance that will be used to encrypt and decrypt your data. The key must be 32 characters long and can contain only alphanumeric characters, hyphens, and underscores.
cf cups __mta-secure-<mtaId> -p '{"encryptionKey": "abdfgtresghytiothewqprtimgnhdrwp"}'
For more information, see Using a Persistent User-Provided Service Instance.
When using the disposable user-provided service instance approach, a user-provided service instance is automatically created on your behalf. The following format is used for its name:
__mta-secure-<mtaId>-<random suffix>__mta-secure-<mtaId>-<namespace>-<random suffix>(if you are using Namespaces)
For more information, see Using a Disposable User-Provided Service Instance.
Related Information
Sensitive Data Handling During MTA Deployment