I have my account enabled for VRF and private service endpoints. When I create service credentials, typically I only see URIs for the public endpoint. How can my bound app working with the credentials obtain the URI for the enabled private endpoint?
Here are the credentials for a Watson Assistant instance enabled for private endpoints. It only has the public URI.
{
"apikey": "myApiKeyValueWouldBeHere",
"iam_apikey_description": "Auto-generated for key 9197a2b1-xxxx-xxxx-xxxx-7a99966e0056",
"iam_apikey_name": "Service credentials test",
"iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Manager",
"iam_serviceid_crn": "crn:v1:bluemix:public:iam-identity::a/1234567890abcdefghijklmnopqrstuvwxyz::serviceid:ServiceId-a2072c22-xxxx-xxxx-xxxx-xxx3a714f525",
"url": "https://api.eu-de.assistant.watson.cloud.ibm.com/instances/932d30c1-xxxx-xxxx"
}
It is possible to generate credentials for private endpoints from both the UI, CLI, terraform, etc.
For the CLI, add the --service-endpoint parameter with value private:
ibmcloud resource service-key-create myCreds Manager
--instance-name myWatsonAssistant_PLUS --service-endpoint private
The above also works with ibmcloud resource service-binding-create.
When using the IBM Cloud console (UI) and the add credentials dialog, go to the advanced options and add inline configuration options. There, add the following value:
{"service-endpoints":"private"}
This will lead to credentials for the private endpoint be generated. You can pass the same key / value in other interfaces like the API or in terraform.
The generated credentials have the additional key private_endpoint set to true.