MART configuration
The Apigee Hybrid management plane must be able to reach the MART service in the runtime plane. For this reason, you must expose the MART endpoint to requests coming from outside of the cluster. The MART endpoint is a secure TLS connection. Hybrid uses an Istio ingress gateway service to expose traffic to this endpoint.
The MART setup requires you to provide a trusted TLS key/certificate pair and a qualified domain name. Self-signed certificates are not permitted. For an example showing how to obtain a certificate signed by a CA, see Obtain TLS credentials. This topic explains the steps to take to expose the MART endpoint.
Adding the MART service account
MART requires a GCP service account for authentication.
- In the GCP setup step, Add service accounts, you created a service account with no role for MART. Locate the key file you downloaded for that service account. The file should have a .json extension.
- Add the key file path to the mart.serviceAccountPath property:

      ...
      mart:
        sslCertPath:
        sslKeyPath:
        hostAlias:
        serviceAccountPath: "path to a file"
      ...

For example:

    ...
    mart:
      sslCertPath:
      sslKeyPath:
      hostAlias:
      serviceAccountPath: "your_keypath/mart-service-account.json"
    ...

Adding TLS credentials and the host alias
- Open your overrides file.
- Add the mart.sslCertPath, mart.sslKeyPath, and mart.hostAlias properties. The following table describes these properties:

  | Property | Value |
  | --- | --- |
  | mart.sslCertPath, mart.sslKeyPath | The MART certificate/key pair must be authorized by a certificate authority (CA). If you have not previously created an authorized cert/key pair, then you must do so now and enter the certificate and key filenames for the corresponding property values. If you need help generating the authorized cert/key pair, see Obtain TLS credentials: An example. NOTE: The Common Name (CN) in the cert must agree with the value specified in the mart.hostAlias property. If the CN is *.hybrid-domain.net and you've registered the host mart.hybrid-domain.net, then you would set mart.hostAlias to the value mart.hybrid-domain.net. |
  | mart.hostAlias | (Required) A qualified DNS name for the MART server endpoint. For example, foo-mart.mydomain.com. |

  For example, where the host alias is a qualified domain name:

      ...
      mart:
        sslCertPath: path-to-file/mart-server.crt
        sslKeyPath: path-to-file/mart-server.key
        hostAlias: foo-mart.mydomain.com
        serviceAccountPath: "your_keypath/mart-service-account.json"
      ...

- Save your changes.
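
A pre-flight check for the values set in the steps above, as an added example that is not part of the Apigee documentation: it uses standard openssl subcommands to confirm that the certificate is not self-signed, that its CN agrees with mart.hostAlias (including the one-label wildcard case from the note), and that the key belongs to the certificate. The function names cn_matches_alias and check_mart_tls are hypothetical, and treating "subject equals issuer" as self-signed is a heuristic assumed here.

```shell
#!/bin/sh
# Added example: pre-flight check for the mart.* TLS values in an overrides file.
# Function names are hypothetical; only standard openssl subcommands are used.

# True when certificate CN $1 agrees with mart.hostAlias $2.
# A "*." CN covers exactly one left-most DNS label.
cn_matches_alias() {
  c=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  h=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$c" in
    '*.'*)
      suffix=${c#?}          # "*.hybrid-domain.net" -> ".hybrid-domain.net"
      label=${h%"$suffix"}   # "mart.hybrid-domain.net" -> "mart"
      [ -n "$label" ] && [ "$label" != "$h" ] || return 1
      case "$label" in *.*) return 1 ;; esac
      return 0 ;;
    *) [ "$c" = "$h" ] ;;
  esac
}

# $1 = mart.sslCertPath, $2 = mart.sslKeyPath, $3 = mart.hostAlias
check_mart_tls() {
  crt=$1; key=$2; host_alias=$3; rc=0
  openssl x509 -in "$crt" -noout 2>/dev/null || { echo "FAIL: cannot parse $crt" >&2; return 2; }

  # Self-signed certificates are not permitted: subject must differ from issuer.
  subject=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
  if [ "$subject" = "$issuer" ]; then echo "FAIL: self-signed (issuer equals subject)" >&2; rc=1; fi

  # The CN must agree with mart.hostAlias.
  cn=$(openssl x509 -in "$crt" -noout -subject -nameopt multiline \
        | sed -n 's/^ *commonName *= //p' | head -n 1)
  cn_matches_alias "$cn" "$host_alias" || { echo "FAIL: CN '$cn' does not cover '$host_alias'" >&2; rc=1; }

  # The private key must belong to the certificate: compare the two public keys.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key does not match certificate" >&2; rc=1; }

  return "$rc"
}

# Stand-alone use: sh this-script mart-server.crt mart-server.key foo-mart.mydomain.com
if [ "$#" -eq 3 ]; then check_mart_tls "$@"; fi
```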
Last updated 2026-02-18 UTC.