Shared Secrets

As we've been developing plugins and for other more exotic use cases, we've seen the need for shared secrets in Dataiku. Teams share account credentials or plugins may rely on some group based credential (e.g. Box JWT tokens for a "team account"). We hack around this using FTP type connections and parsing their secrets or an external secrets service which is harder to maintain. Group / shared secrets arent too far off as it is with Dataiku's great credentials handling, and this would be highly beneficial feature for collaboration and team based projects.

5 Comments

I support this too. We should really have a way to store shared secrets. At the moment what we do is that we create a Dataiku local account and use the user secrets for that account to store the shared secrets. This works as we use this account as the "runner" account to run project scenarios with a non-admin account which is only permissioned for each project. 

 

 

I support this too. We should really have a way to store shared secrets. At the moment what we do is that we create a Dataiku local account and use the user secrets for that account to store the shared secrets. This works as we use this account as the "runner" account to run project scenarios with a non-admin account which is only permissioned for each project. 

 

 

AshleyW
Dataiker

Thanks for your idea, @importpandas. Your idea meets the criteria for submission, we'll reach out should we require more information.

If youโ€™re reading this post and think it would be a great capability to add to Dataiku, be sure to kudos the original post! Feel free to leave a comment in the discussion about how this capability would help you or your team.

Take care,
Ashley

Status changed to: In the Backlog

Thanks for your idea, @importpandas. Your idea meets the criteria for submission, we'll reach out should we require more information.

If youโ€™re reading this post and think it would be a great capability to add to Dataiku, be sure to kudos the original post! Feel free to leave a comment in the discussion about how this capability would help you or your team.

Take care,
Ashley

johntarr
Level 3

Hoping this gets prioritized. 

We have several API calls and the developers are hardcoding the keys in the code (or at best placing them in the global variables for the project).

Can't put them in instance variables, or it exposes the key to all users.

Hoping this gets prioritized. 

We have several API calls and the developers are hardcoding the keys in the code (or at best placing them in the global variables for the project).

Can't put them in instance variables, or it exposes the key to all users.

@johntarr it's not pretty, but one hackaround we've implemented is to use an e.g. FTP connection and store your shared secrets as a json array there. then use dataiku apis to get the connection and its info/secrets for usage. it actually works well, but a dedicated secrets management module would be better.

@johntarr it's not pretty, but one hackaround we've implemented is to use an e.g. FTP connection and store your shared secrets as a json array there. then use dataiku apis to get the connection and its info/secrets for usage. it actually works well, but a dedicated secrets management module would be better.

I have a request closely related to this subject. So it's only natural I'm in favor of this product idea ๐Ÿ˜Š

Please note that this component should not be dependent on the Dataiku node (especially between Design and Automation) to avoid new releases when changing secrets.

I have a request closely related to this subject. So it's only natural I'm in favor of this product idea ๐Ÿ˜Š

Please note that this component should not be dependent on the Dataiku node (especially between Design and Automation) to avoid new releases when changing secrets.