Shared Secrets
As we've been developing plugins and for other more exotic use cases, we've seen the need for shared secrets in Dataiku. Teams share account credentials or plugins may rely on some group based credential (e.g. Box JWT tokens for a "team account"). We hack around this using FTP type connections and parsing their secrets or an external secrets service which is harder to maintain. Group / shared secrets arent too far off as it is with Dataiku's great credentials handling, and this would be highly beneficial feature for collaboration and team based projects.
Comments
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 1,757 NeuronOptionsI support this too. We should really have a way to store shared secrets. At the moment what we do is that we create a Dataiku local account and use the user secrets for that account to store the shared secrets. This works as we use this account as the "runner" account to run project scenarios with a non-admin account which is only permissioned for each project.
-
AshleyW Dataiker, Alpha Tester, Dataiku DSS Core Designer, Registered, Product Ideas Manager Posts: 161 DataikerOptionsThanks for your idea, @importpandas
. Your idea meets the criteria for submission, we'll reach out should we require more information.
If you’re reading this post and think it would be a great capability to add to Dataiku, be sure to kudos the original post! Feel free to leave a comment in the discussion about how this capability would help you or your team.
Take care,
Ashley -
Hoping this gets prioritized.
We have several API calls and the developers are hardcoding the keys in the code (or at best placing them in the global variables for the project).
Can't put them in instance variables, or it exposes the key to all users.
-
importthepandas Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS Core Concepts, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 115 NeuronOptions
@johntarr
it's not pretty, but one hackaround we've implemented is to use an e.g. FTP connection and store your shared secrets as a json array there. then use dataiku apis to get the connection and its info/secrets for usage. it actually works well, but a dedicated secrets management module would be better. -
Tanguy Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron, Dataiku DSS Adv Designer, Registered, Dataiku DSS Developer, Neuron 2023 Posts: 112 NeuronOptionsI have a request closely related to this subject. So it's only natural I'm in favor of this product idea
Please note that this component should not be dependent on the Dataiku node (especially between Design and Automation) to avoid new releases when changing secrets.
