Misleading instructions for the secret to use on the x-tyk-authorization header

[Exadra37]

Branch/Environment/Version

Tyk docs version 3.2

Relevant Document

https://tyk.io/docs/getting-started/create-api/#step-1-make-sure-you-know-your-api-secret

Describe the error

In the docs says:

Your Tyk Gateway API secret is stored in your tyk.conf file, the property is called secret, you will need to use this as a header called x-tyk-authorization to make calls to the Gateway API.

When following the instructions to create an API with the Tyk Docker CE Docker installation the file tyk.conf doesn't exist, but from the docker-compose.yml file we can see that the tyk.standalone.conf is mapped to tyk.conf inside the docker container.

Requests for the Admin API will fail when I use the value in the json key secret from the file tyk.standalone.conf for the request header x-tyk-authorization:

{
    "message": "Attempted administrative access with invalid or missing key!",
    "status": "error"
}

Looking again to the docker-compose.yml file it looks like we have another secret declared:

environment:
      - TYK_GW_SECRET=foo

Now if I use the foo as the secret for the request header x-tyk-authorization I have access to the Admin API:

{
    "action": "added",
    "key": "Hello-World",
    "status": "ok"
}

Possible Solution

The docker-compose.yml file variable TYK_GW_SECRET could use the secret value as per current instructions in the docs.

For example:

export TYK_SECRET=$(cat tyk.standalone.conf | grep -i secret - | awk '{print $2}' | tr -d '",')

And then in the docker compose file:

environment:
      - TYK_GW_SECRET=${TYK_SECRET? Missing value for env var TYK_SECRET.}