This website uses cookies. By clicking OK, you consent to the use of cookies. Read our cookie policy.
Accept
Reject
Community

Managing Encryption Keys or IV when using API Designer

Bryam_Hirsch
Level 1
โ€Ž08-23-2023 09:56 PM
Managing Encryption Keys or IV when using API Designer

Hi, 

Im building APIยดs on Dataiku with Python Function as a Endpoint that recieve the parameters encrypted from the request, the code need to decrypt the parameter, perform a series of operations, dataset lookups and the return an encrypted json as a response. 

Everything is working fine, however I have the IV and the Encryption Key hard coded (for development propuses). 

Whats the best way to avoid hard coding the keys and the IV in the code? Tried the user secrets however im not able to retrieved the key from the the code. 

 

this is my piece of code that works on Python Notebooks 

import dataiku

def get_keys(): 
    client = dataiku.api_client()
    auth_info = client.get_auth_info(with_secrets=True)

    secret_value = None
    for secret in auth_info["secrets"]:
            if secret["key"] == "SecrectKey":
                    secret_value = secret["value"]
                    break

    if not secret_value:
            raise Exception("secret not found")

    return secret_value

 

0 Kudos
Reply
3 Replies
Turribeach
Neuron
Neuron
โ€Ž08-23-2023 10:05 PM

I am not sure if retrieving user secrets will work in the API node. I suspect it won't since the API node has no GUI so not sure how you are going to add the user secrets in the first place. So you may have to divert your Dataiku Client API calls inside your API function to your Automation or Designer node to retrieve your user secrets.

You don't really say why you are "not able to retrieved the key from the the code". I believe the problem you have is that in a Notebook the code executes as your user ID so it's able to retrieve the secrets from your account secrets. An API can't do that since it runs in a different context. You will need to impersonate the user that has the secrets to be able to retrieve them:

 

user = client.get_user("the_user_to_impersonate")
client_as_user = user.get_client_as()

# All calls done using `client_as_user` will appear as being performed by `the_user_to_impersonate` and will inherit
# its permissions

 

 

0 Kudos
Reply
Turribeach
Neuron
Neuron
โ€Ž08-23-2023 10:08 PM

But I will be interested to know what happens when you run that in the proper API node (not the embedded one that comes with the Designer node).

0 Kudos
Reply
Bryam_Hirsch
Level 1
Author
โ€Ž08-31-2023 03:46 PM

We found a solution thats suitable for us. 

We created a directory on both servers, Design Node and API Node where Dataiku runs and they will contain the encryption key files. 

From script using OS I can access and read that file. 

 

0 Kudos
Reply

Setup info

?
A banner prompting to get Dataiku
Didn't Find What You Needed?

Post a Question

Help me โ€ฆ
โ€ฆ ask a question โ€ฆ search for an answer โ€ฆ learn to use the Community