# API Provisioning

Building on the `provisioning.yaml`, API `provisiong` allows for uploading the files directly Lenses from anywhere with network access and without access to the host where Lenses is installed.

<figure><img src="https://github.com/lensesio-dev/docs/blob/release/5.5/deployment/.gitbook/assets/provisiong-api.png" alt=""><figcaption></figcaption></figure>

## Uploading supporting files

Many connections need files, for example, to secure Kafka with SSL you will need a keystore and optionally a trust store.

To reference a file in the, for the configuration option set the key to be "**file**" and the value to reference in the API request. For example, given:

```
    configuration:
      protocol:
        value: SASL_SSL
      sslKeystore:
        file: "my-keystore-file"
```

To upload the file to be used for the configuration option `sslKeystore`: add the following to the request:

```
--form "my-keystore-file=@${PATH_TO_KEYSTORE_FILE};type=application/octet-stream" \
```

## API Call

1. Set the type to application/octet-stream.
2. The name of the part in the multipart request (supporting files) should match the value of the property pointing to the mounted file in the `provisioning.yaml` descriptor. This ensures accurate mapping and referencing of files.
3. Set LENSES\_SESSION\_TOKEN as the value of the Lenses Service Account token you want to use to automate provisioning.

```bash
curl --location --request PUT "${LENSES_ENV}/api/v1/state/connections" \
   --header "X-Kafka-Lenses-Token: ${LENSES_SESSION_TOKEN}" \
   --header 'Content-Type: multipart/form-data' \
   --header 'Content-Disposition: form-data;' \
   --form "my-keystore-file=@${PATH_TO_KEYSTORE_FILE};type=application/octet-stream" \
   --form 'provisioning=@"resources/provisioning.yaml";type=text/plain(utf-8)' 
```

In this example, the `provisioning.yaml` is read from **provisioning=@"resources/provisioning.yaml.**

The provisioning.yaml contains a reference to "my-keystore-file" which is loaded from **@${PATH\_TO\_KEYSTORE\_FILE};type=application/octet-stream**

## Managing secrets

The provisioning.yaml contains secrets. If you are deploying via Helm the chart will use Kubernetes secrets.

Additionally, support is provided for referencing environment variables. This allows you to set secrets in your environment and have the value resolved at runtime. i.e. inject an environment variable from GitHub secrets for passwords.

```
sslKeystorePassword:
  value: ${ENV_VAR_NAME}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lenses.io/latest/devx/5.5/deployment/installation/automation/api-provisioning.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.