Shared Secrets

importthepandas
importthepandas Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS Core Concepts, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 115 Neuron

As we've been developing plugins and for other more exotic use cases, we've seen the need for shared secrets in Dataiku. Teams share account credentials or plugins may rely on some group based credential (e.g. Box JWT tokens for a "team account"). We hack around this using FTP type connections and parsing their secrets or an external secrets service which is harder to maintain. Group / shared secrets arent too far off as it is with Dataiku's great credentials handling, and this would be highly beneficial feature for collaboration and team based projects.

Tagged:
31
31 votes

In the Backlog · Last Updated

Comments

  • Turribeach
    Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,088 Neuron

    I support this too. We should really have a way to store shared secrets. At the moment what we do is that we create a Dataiku local account and use the user secrets for that account to store the shared secrets. This works as we use this account as the "runner" account to run project scenarios with a non-admin account which is only permissioned for each project.

  • Ashley
    Ashley Dataiker, Alpha Tester, Dataiku DSS Core Designer, Registered, Product Ideas Manager Posts: 162 Dataiker

    Thanks for your idea, @importpandas
    . Your idea meets the criteria for submission, we'll reach out should we require more information.

    If you’re reading this post and think it would be a great capability to add to Dataiku, be sure to kudos the original post! Feel free to leave a comment in the discussion about how this capability would help you or your team.

    Take care,
    Ashley

  • johntarr
    johntarr Registered Posts: 7 ✭✭✭✭

    Hoping this gets prioritized.

    We have several API calls and the developers are hardcoding the keys in the code (or at best placing them in the global variables for the project).

    Can't put them in instance variables, or it exposes the key to all users.

  • importthepandas
    importthepandas Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS Core Concepts, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 115 Neuron

    @johntarr
    it's not pretty, but one hackaround we've implemented is to use an e.g. FTP connection and store your shared secrets as a json array there. then use dataiku apis to get the connection and its info/secrets for usage. it actually works well, but a dedicated secrets management module would be better.

  • Tanguy
    Tanguy Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron, Dataiku DSS Adv Designer, Registered, Dataiku DSS Developer, Neuron 2023 Posts: 118 Neuron

    I have a request closely related to this subject. So it's only natural I'm in favor of this product idea

    Please note that this component should not be dependent on the Dataiku node (especially between Design and Automation) to avoid new releases when changing secrets.

Setup Info
    Tags
      Help me…