There could be extension and application use cases deployed on Kyma runtime where the workload is required to connect to an external system. The external system could have been secured with OAuth2, Basic Authentication, Client Certificate Authentication, or any other means.
In all such cases, SAP Destination service can be used to store and retrieve technical information to consume the target external system. SAP Cloud SDK can be used for the boilerplate logic to retrieve the credentials and connect to the external system. The advantage is that the application code is then solely focused on the business logic and all connectivity details are handled by the SAP Cloud SDK.
The flow to connect to an external system that is secured with Client Certificate Authentication using SAP Cloud SDK will look as below. The certificate and all technical information are stored in the SAP Destination service.
SAP Cloud SDK takes care of retrieving the technical details and making them available to the application logic.
The working sample is available in the SAP-Sample repository.
You can follow the step-by-step instructions to try it out.
Have fun exploring Kyma runtime!