-
-
Notifications
You must be signed in to change notification settings - Fork 1
Authentications
The crowdsec-client support 3 types of authenticiations :
- with machine id and password
- with api key
- with tls certificates
this authentication method is reserved to watcher .
you can create machine credentials with the command
cscli machines add node-watcher -p myPassword -f ./node_credential.yaml
( -f is optional, but without it you will remove your defaults credentials )
const watcherClient = new WatcherClient({
url: 'https://crowdsec.lan',
auth: {
machineID: 'node-watcher',
password: 'myPassword'
}
});
await watcherClient.login();
this authentication is reserved to bouncers
you can create an api key with the command
cscli bouncers add MyBouncerName -k myApiKey
const client = new BouncerClient({
url: 'https://crowdsec.lan',
auth: {
apiKey: 'myApiKey'
}
});
await client.login();
this kind of authentication allow to authenticate watcher or bouncer without manual actions . you can read more here to setup TLS authentication : https://docs.crowdsec.net/docs/local_api/tls_auth/
//create watcher
const watcher = new WatcherClient({
url: "https://crowdsec.lan",
auth: {
cert: fs.readFileSync('agent.pem'),
key: fs.readFileSync('agent-key.pem'),
ca: fs.readFileSync('inter.pem')
}
});
await watcher.login();
//create bouncer
const client = new BouncerClient({
url: "https://crowdsec.lan",
auth: {
cert: fs.readFileSync(path.join(TLSPath, 'bouncer.pem')),
key: fs.readFileSync(path.join(TLSPath, 'bouncer-key.pem')),
ca: fs.readFileSync(path.join(TLSPath, 'inter.pem'))
}
});
await client.login();
Obviously, the command will force the password in this examples ... please use strong password, or let cscli generate them