For Azure Blob connections, credentials are always encrypted. For BigQuery and GCS connections, the credentials are only encrypted when running in OAuth mode. I am not sure about the state of AWS keys in Dataiku. But irrespective of this Dataiku administrators should be able to encrypt all Cloud connection keys. I would also prefer to not have to use private key files for GCP BigQuery and GCS connections and have them stored in a property in the Dataiku connection. It is bad security practice to have credentials unencrypted in clear text files.