Update example config files to include secure storage options.

Author: phil-levy

examples/config files - basic/1 user-sync-config.yml

@@ -65,6 +65,14 @@ adobe_users:
     # location of this configuration file, not relative to the
     # working directory of your User Sync process.
     umapi: "connector-umapi.yml"
+    # An alternate form for referencing the umapi configuration allows for storage
+    # of the umapi credentials in a secure way:
+    #umapi: $(cat connector-umapi.yml)  # This runs the indicated command and uses
+    # the output as the configuration file.  In this example we are simply
+    # echoing the file contents so it is no more secure than the other form
+    # of file reference.  To make it more secure, you need to provide a
+    # command or script that fetches the data from a secure source.
+    # ("cat" would need to be "type" on a Windows platform.)
 
 # The directory_users section controls how enterprise-side users are accessed,
 # sets default values for attributes not specified in the enterprise directory,
@@ -122,6 +130,14 @@ directory_users:
     # location of this configuration file, not relative to the
     # working directory of your User Sync process.
     ldap: "connector-ldap.yml"
+    # An alternate form for referencing the ldap configuration allows for storage
+    # of the ldap credentials in a secure way:
+    #ldap: $(cat connector-ldap.yml)  # This form runs the indicated command and uses
+    # the output as the configuration file.  In this example we are simply
+    # echoing the file contents so it is no more secure than the other form
+    # of file reference.  To make it more secure, you need to provide a
+    # command or script that fetches the data from a secure source.
+    # ("cat" would need to be "type" on a Windows platform.)
 
     # (optional) csv (no default value)
     # csv stands for "comma-separated values", which is the most common form

examples/config files - basic/2 connector-umapi.yml

@@ -34,3 +34,25 @@ enterprise:
   client_secret: "Client secret goes here"
   tech_acct: "Tech account ID goes here"
   priv_key_path: "path/to/private/key/file"
+
+  # (optional) As an alternative to priv_key_path, you can place the private key 
+  # data directly in this file.  To do this, remove the priv_key_path entry above 
+  # and uncomment the following entry.  Replace the sample data with the data 
+  # from your private key file (which will be much longer).
+  #priv_key_data: |
+  #   -----BEGIN RSA PRIVATE KEY-----
+  #   MIIf74jfd84oAgEA6brj4uZ2f1Nkf84j843jfjjJGHYJ8756GHHGGz7jLyZWSscH
+  #   CoifurKJY763GHKL98mJGYxWSBvhlWskdjdatagoeshere986fKFUNGd74kdfuEH
+  #   -----END RSA PRIVATE KEY-----
+
+  # (optional) You can store credentials in the operating system credential store
+  # (Windows Credential Manager, Mac Keychain, Linux Freedesktop Secret Service
+  # or KWallet - these will be built into the Linux distribution).
+  # To use this feature, uncomment the following entries and remove the 
+  # api_key, client_secret, and priv_key_data above.
+  # The actual credential values are placed in the credential store with the
+  # username as the org_id value, and the key name (perhaps called internet 
+  # or network address) as one of the values below.
+  #secure_api_key_key: umapi_api_key
+  #secure_client_secret_key: umapi_client_secret
+  #secure_priv_key_data_key: umapi_private_key_data