Issue Injecting OAuth Secrets (client_id/client_secret) into IRIS Productions in Docker
Hello Community,
I’m working on an InterSystems IRIS production that needs to call an external API using OAuth client credentials (client_id and client_secret). For security reasons, I must pass these credentials via environment variables in my Docker container.
In the IRIS terminal, I can successfully retrieve these environment variables using $System.Util.GetEnviron("api-clientid")
and $System.Util.GetEnviron("api-clientsecret")
. However, inside my Business Operation class (OnMessage method), these environment variables return empty strings.
I verified that the variables are properly set in the Docker container environment, and the IRIS instance has access to them in the terminal session.
I suspect that the production or namespace context might not have access to the environment variables, or that the way IRIS runs productions might isolate the environment variables.
I have also read about potentially injecting variables into the namespace environment via system configurations, but I’m unsure how to do this effectively or if it will solve the problem.
Questions:
- How can I reliably access environment variables from within an IRIS production running inside Docker or Kubernetes?
- Is there a recommended best practice for injecting secrets such as client_id and client_secret into the IRIS environment used by productions?
- Any examples or configurations that have worked for others to pass sensitive environment variables into Business Operations or Services?
Thanks in advance for your help!