Storing API keys securely
Dear Dataiku Team,
Thank you for all your good work with the Dataiku environment - we are looking forward to using new functionality with Dataiku 7!
We are now experimenting with building API connections in between nodes - I was able to establish the connection using the code from here:
    import dataikuapi

    host = "http://localhost:11200"
    apiKey = "<MY_SECRET_KEY>"
    client = dataikuapi.DSSClient(host, apiKey)

    # client is now a DSSClient and can perform all authorized actions.
    client.list_project_keys()
How would you approach the topic of security here: the secret key is not very secret if it is hard-coded. Does Dataiku offer some safe way of storing it in the environment?
Thank you,
Filip
Best Answer
-
Hi,
We'd recommend using user secrets: https://doc.dataiku.com/dss/latest/security/user-secrets.html
User secrets are stored encrypted on disk.
Please note however that user secrets are per-user, so each user who wants to use this code needs to enter a key as a user secret (with the same secret name).
Answers
-
Hi Clément,
Thank you very much for a quick answer - it worked out very well and now we can store the keys safely.
Have a good day,
Filip
-
Hi,
I agree with the point that we can store secret keys in user-profile credentials as per https://doc.dataiku.com/dss/latest/security/user-secrets.html.
But this will only work after creating a connection with Dataiku via DSSClient, and to create that connection we eventually need to pass the host and secret key.
Ref:
    import dataiku
    client = dataiku.DSSClient(host, key)
How can we prevent hardcoding the above "key" in the code to make the connection?
Thanks
Tanay
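Added example, not part of the original thread and not Dataiku's own code: reading the user secret recommended in the best answer and using it to build the remote client from the first post. It assumes the code runs inside DSS (notebook, recipe or scenario), where `dataiku.api_client()` is already authenticated as the current user, so no key is needed to reach the secrets; the secret name `remote-node-api-key` and the sample `auth_info` values are constructed for illustration.

```python
import copy

SECRET_NAME = "remote-node-api-key"     # hypothetical user-secret name
REMOTE_HOST = "http://localhost:11200"  # host from the snippet in the question

# Constructed sample of what get_auth_info(with_secrets=True) returns.
SAMPLE_AUTH_INFO = {
    "authIdentifier": "filip",
    "groups": ["data-team"],
    "secrets": [{"key": "remote-node-api-key", "value": "constructed-key-value"}],
}


class SecretNotFound(Exception):
    """The current user has not defined the requested user secret."""


def find_secret(auth_info, name):
    """Return the value of user secret `name`; fail loudly if unset or empty."""
    for secret in auth_info.get("secrets", []):
        if secret.get("key") == name and secret.get("value"):
            return secret["value"]
    # User secrets are per-user: every user running this needs the same name.
    raise SecretNotFound(
        "user secret %r is not set for user %r"
        % (name, auth_info.get("authIdentifier")))


def redact(auth_info):
    """Return a copy that is safe to log: secret values are masked."""
    safe = copy.deepcopy(auth_info)
    for secret in safe.get("secrets", []):
        secret["value"] = "***"
    return safe


def remote_client(secret_name=SECRET_NAME, host=REMOTE_HOST):
    """Build a DSSClient for the remote node with no key in the source."""
    import dataiku      # only importable inside DSS
    import dataikuapi

    local = dataiku.api_client()  # authenticated as the running user
    auth_info = local.get_auth_info(with_secrets=True)
    return dataikuapi.DSSClient(host, find_secret(auth_info, secret_name))


if __name__ == "__main__":
    print(redact(SAMPLE_AUTH_INFO))
```

Log only the output of `redact()`; the unredacted `auth_info` holds every secret of the current user in clear text.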