Passing Security Token as a Viarable in a Scenario Webhook

Options
lina
lina Registered Posts: 12 ✭✭✭

Hi,

I am communicating from a scenario webhook to JIRA to automatically report issues.

My problem is that I have to pass my JIRA token into the webhook, which is currently visible to the collaborators in the project. Is it possible to store my token somewhere and call it as a variable? like S{token}.

I have read about Dataikue secrets but I am not sure how to add one or call it in my webhook.

Would appreciate your advice.

Thanks

Answers

  • Alexandru
    Alexandru Dataiker, Dataiku DSS Core Designer, Dataiku DSS ML Practitioner, Dataiku DSS Adv Designer, Registered Posts: 1,209 Dataiker
    edited July 17
    Options

    Hi @lina
    ,

    Overall it would be better practice to create a service account with limited permissions to that particular project in JIRA and use that API token instead of the one linked to your personal account.

    https://community.atlassian.com/t5/Confluence-questions/API-Key-permission/qaq-p/1207626

    While there is no functionality to use a secret directly in the webhook of the scenario.

    You can create a python step and set a scenario variable. This wouldn't necessarily add additional security other than the fact that collaborators on the project would not see the secret directly in the UI for the Webhook.

    This would also means that the "Run as" must be set to your actual user. Otherwise retrieving the secret would fail.

    Here is a sample code you can use in the python step in the scenario to set the scenario from the value of your secret. In the webhook headers, you can use ${jira_api_secret}.

    import json
    import dataiku
    from dataiku.scenario import Scenario
    
    client = dataiku.api_client()
    auth_info = client.get_auth_info(with_secrets=True)
    
    print(auth_info)
    
    # retrieve the secret named "credential-for-my-api"
    secret_value = None
    for secret in auth_info["secrets"]:
            if secret["key"] == "credential-for-my-api":
                    secret_value = secret["value"]
                    break
    
    if not secret_value:
            raise Exception("secret not found")
    
    Scenario().set_scenario_variables(jira_api_secret=secret_value)

    Hope this helps!

Setup Info
    Tags
      Help me…