Passing Security Token as a Viarable in a Scenario Webhook

lina

Hi,

I am communicating from a scenario webhook to JIRA to automatically report issues.

My problem is that I have to pass my JIRA token into the webhook, which is currently visible to the collaborators in the project. Is it possible to store my token somewhere and call it as a variable? like S{token}.

I have read about Dataikue secrets but I am not sure how to add one or call it in my webhook.

Would appreciate your advice.

Thanks

Alexandru

Hi @lina
,

Overall it would be better practice to create a service account with limited permissions to that particular project in JIRA and use that API token instead of the one linked to your personal account.

https://community.atlassian.com/t5/Confluence-questions/API-Key-permission/qaq-p/1207626

While there is no functionality to use a secret directly in the webhook of the scenario.

You can create a python step and set a scenario variable. This wouldn't necessarily add additional security other than the fact that collaborators on the project would not see the secret directly in the UI for the Webhook.

This would also means that the "Run as" must be set to your actual user. Otherwise retrieving the secret would fail.

Here is a sample code you can use in the python step in the scenario to set the scenario from the value of your secret. In the webhook headers, you can use ${jira_api_secret}.

import json
import dataiku
from dataiku.scenario import Scenario

client = dataiku.api_client()
auth_info = client.get_auth_info(with_secrets=True)

print(auth_info)

# retrieve the secret named "credential-for-my-api"
secret_value = None
for secret in auth_info["secrets"]:
        if secret["key"] == "credential-for-my-api":
                secret_value = secret["value"]
                break

if not secret_value:
        raise Exception("secret not found")

Scenario().set_scenario_variables(jira_api_secret=secret_value)

Hope this helps!