Managing credentials question

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Managing credentials question

Adam Iezzi
I'm trying to figure out the best way (and most secure) to use user-specific credentials for various data stores. For example, I have a few python paragraphs setup to query an external MySQL DB using python's mysql.connector package. In order to establish the connection, I have to add the DB username/password as arguments in my paragraph, which is probably not the most secure approach.

I'm wondering if there is a way to store these credentials somewhere else (not in clear text in my notebook), so they can be referenced via the notebook paragraphs in a more secure way? Or better yet, is there another way to solve this issue that I may be missing?

Thank you for all of the help.

Adam
Reply | Threaded
Open this post in threaded view
|

Re: Managing credentials question

moon
Administrator
Hi,

"Credential" menu provides closest feature I think.

Through "Credential" menu, each user can pass user-specific credential informations to Interpreters. And interpreter can retrieve those informations and use it internally. Also interpreter exposes API to user, so user can access those informations in Python, Scala, etc.

Current limitation is, credential menu store it's information in memory only or in file without encryption.

If "Credential" menu store credential in a file with encryption, does this solve your problem?

Thanks,
moon

On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <[hidden email]> wrote:
I'm trying to figure out the best way (and most secure) to use user-specific credentials for various data stores. For example, I have a few python paragraphs setup to query an external MySQL DB using python's mysql.connector package. In order to establish the connection, I have to add the DB username/password as arguments in my paragraph, which is probably not the most secure approach.

I'm wondering if there is a way to store these credentials somewhere else (not in clear text in my notebook), so they can be referenced via the notebook paragraphs in a more secure way? Or better yet, is there another way to solve this issue that I may be missing?

Thank you for all of the help.

Adam
Reply | Threaded
Open this post in threaded view
|

Re: Managing credentials question

Adam Iezzi
Yes, encrypting and storing the credentials would be ideal. Essentially, I'm looking for some sort of secrets store which can be accessed via the Zeppelin paragraphs. 

Adam

On Sun, Sep 24, 2017 at 6:30 AM, moon soo Lee <[hidden email]> wrote:
Hi,

"Credential" menu provides closest feature I think.

Through "Credential" menu, each user can pass user-specific credential informations to Interpreters. And interpreter can retrieve those informations and use it internally. Also interpreter exposes API to user, so user can access those informations in Python, Scala, etc.

Current limitation is, credential menu store it's information in memory only or in file without encryption.

If "Credential" menu store credential in a file with encryption, does this solve your problem?

Thanks,
moon

On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <[hidden email]> wrote:
I'm trying to figure out the best way (and most secure) to use user-specific credentials for various data stores. For example, I have a few python paragraphs setup to query an external MySQL DB using python's mysql.connector package. In order to establish the connection, I have to add the DB username/password as arguments in my paragraph, which is probably not the most secure approach.

I'm wondering if there is a way to store these credentials somewhere else (not in clear text in my notebook), so they can be referenced via the notebook paragraphs in a more secure way? Or better yet, is there another way to solve this issue that I may be missing?

Thank you for all of the help.

Adam

Reply | Threaded
Open this post in threaded view
|

Re: Managing credentials question

herval
I started something on that direction here, for internal use: https://github.com/herval/zeppelin/tree/encrypt-credentials

If that's the kind of thing that may interest everyone else, I can get a PR going

h

On Mon, Sep 25, 2017 at 7:07 AM, Adam Iezzi <[hidden email]> wrote:
Yes, encrypting and storing the credentials would be ideal. Essentially, I'm looking for some sort of secrets store which can be accessed via the Zeppelin paragraphs. 

Adam

On Sun, Sep 24, 2017 at 6:30 AM, moon soo Lee <[hidden email]> wrote:
Hi,

"Credential" menu provides closest feature I think.

Through "Credential" menu, each user can pass user-specific credential informations to Interpreters. And interpreter can retrieve those informations and use it internally. Also interpreter exposes API to user, so user can access those informations in Python, Scala, etc.

Current limitation is, credential menu store it's information in memory only or in file without encryption.

If "Credential" menu store credential in a file with encryption, does this solve your problem?

Thanks,
moon

On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <[hidden email]> wrote:
I'm trying to figure out the best way (and most secure) to use user-specific credentials for various data stores. For example, I have a few python paragraphs setup to query an external MySQL DB using python's mysql.connector package. In order to establish the connection, I have to add the DB username/password as arguments in my paragraph, which is probably not the most secure approach.

I'm wondering if there is a way to store these credentials somewhere else (not in clear text in my notebook), so they can be referenced via the notebook paragraphs in a more secure way? Or better yet, is there another way to solve this issue that I may be missing?

Thank you for all of the help.

Adam


Reply | Threaded
Open this post in threaded view
|

Re: Managing credentials question

moon
Administrator
Sounds like a plan!

On Mon, Sep 25, 2017 at 11:33 AM Herval Freire <[hidden email]> wrote:
I started something on that direction here, for internal use: https://github.com/herval/zeppelin/tree/encrypt-credentials

If that's the kind of thing that may interest everyone else, I can get a PR going

h

On Mon, Sep 25, 2017 at 7:07 AM, Adam Iezzi <[hidden email]> wrote:
Yes, encrypting and storing the credentials would be ideal. Essentially, I'm looking for some sort of secrets store which can be accessed via the Zeppelin paragraphs. 

Adam

On Sun, Sep 24, 2017 at 6:30 AM, moon soo Lee <[hidden email]> wrote:
Hi,

"Credential" menu provides closest feature I think.

Through "Credential" menu, each user can pass user-specific credential informations to Interpreters. And interpreter can retrieve those informations and use it internally. Also interpreter exposes API to user, so user can access those informations in Python, Scala, etc.

Current limitation is, credential menu store it's information in memory only or in file without encryption.

If "Credential" menu store credential in a file with encryption, does this solve your problem?

Thanks,
moon

On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <[hidden email]> wrote:
I'm trying to figure out the best way (and most secure) to use user-specific credentials for various data stores. For example, I have a few python paragraphs setup to query an external MySQL DB using python's mysql.connector package. In order to establish the connection, I have to add the DB username/password as arguments in my paragraph, which is probably not the most secure approach.

I'm wondering if there is a way to store these credentials somewhere else (not in clear text in my notebook), so they can be referenced via the notebook paragraphs in a more secure way? Or better yet, is there another way to solve this issue that I may be missing?

Thank you for all of the help.

Adam


Reply | Threaded
Open this post in threaded view
|

Re: Managing credentials question

herval

On Mon, Sep 25, 2017 at 12:06 PM, moon soo Lee <[hidden email]> wrote:
Sounds like a plan!

On Mon, Sep 25, 2017 at 11:33 AM Herval Freire <[hidden email]> wrote:
I started something on that direction here, for internal use: https://github.com/herval/zeppelin/tree/encrypt-credentials

If that's the kind of thing that may interest everyone else, I can get a PR going

h

On Mon, Sep 25, 2017 at 7:07 AM, Adam Iezzi <[hidden email]> wrote:
Yes, encrypting and storing the credentials would be ideal. Essentially, I'm looking for some sort of secrets store which can be accessed via the Zeppelin paragraphs. 

Adam

On Sun, Sep 24, 2017 at 6:30 AM, moon soo Lee <[hidden email]> wrote:
Hi,

"Credential" menu provides closest feature I think.

Through "Credential" menu, each user can pass user-specific credential informations to Interpreters. And interpreter can retrieve those informations and use it internally. Also interpreter exposes API to user, so user can access those informations in Python, Scala, etc.

Current limitation is, credential menu store it's information in memory only or in file without encryption.

If "Credential" menu store credential in a file with encryption, does this solve your problem?

Thanks,
moon

On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <[hidden email]> wrote:
I'm trying to figure out the best way (and most secure) to use user-specific credentials for various data stores. For example, I have a few python paragraphs setup to query an external MySQL DB using python's mysql.connector package. In order to establish the connection, I have to add the DB username/password as arguments in my paragraph, which is probably not the most secure approach.

I'm wondering if there is a way to store these credentials somewhere else (not in clear text in my notebook), so they can be referenced via the notebook paragraphs in a more secure way? Or better yet, is there another way to solve this issue that I may be missing?

Thank you for all of the help.

Adam