You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@zeppelin.apache.org by Adam Iezzi <ad...@gmail.com> on 2017/09/20 16:06:36 UTC
Managing credentials question
I'm trying to figure out the best way (and most secure) to use
user-specific credentials for various data stores. For example, I have a
few python paragraphs setup to query an external MySQL DB using
python's mysql.connector package. In order to establish the connection, I
have to add the DB username/password as arguments in my paragraph, which is
probably not the most secure approach.
I'm wondering if there is a way to store these credentials somewhere else
(not in clear text in my notebook), so they can be referenced via the
notebook paragraphs in a more secure way? Or better yet, is there another
way to solve this issue that I may be missing?
Thank you for all of the help.
Adam
Re: Managing credentials question
Posted by Herval Freire <hf...@twitter.com>.
Of we go: https://github.com/apache/zeppelin/pull/2599 :-)
h
On Mon, Sep 25, 2017 at 12:06 PM, moon soo Lee <mo...@apache.org> wrote:
> Sounds like a plan!
>
> On Mon, Sep 25, 2017 at 11:33 AM Herval Freire <hf...@twitter.com>
> wrote:
>
>> I started something on that direction here, for internal use:
>> https://github.com/herval/zeppelin/tree/encrypt-credentials
>>
>> If that's the kind of thing that may interest everyone else, I can get a
>> PR going
>>
>> h
>>
>> On Mon, Sep 25, 2017 at 7:07 AM, Adam Iezzi <ad...@gmail.com> wrote:
>>
>>> Yes, encrypting and storing the credentials would be ideal. Essentially,
>>> I'm looking for some sort of secrets store which can be accessed via the
>>> Zeppelin paragraphs.
>>>
>>> Adam
>>>
>>> On Sun, Sep 24, 2017 at 6:30 AM, moon soo Lee <mo...@apache.org> wrote:
>>>
>>>> Hi,
>>>>
>>>> "Credential" menu provides closest feature I think.
>>>>
>>>> Through "Credential" menu, each user can pass user-specific credential
>>>> informations to Interpreters. And interpreter can retrieve those
>>>> informations and use it internally. Also interpreter exposes API to user,
>>>> so user can access those informations in Python, Scala, etc.
>>>>
>>>> Current limitation is, credential menu store it's information in memory
>>>> only or in file without encryption.
>>>>
>>>> If "Credential" menu store credential in a file with encryption, does
>>>> this solve your problem?
>>>>
>>>> Thanks,
>>>> moon
>>>>
>>>> On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <ad...@gmail.com>
>>>> wrote:
>>>>
>>>>> I'm trying to figure out the best way (and most secure) to use
>>>>> user-specific credentials for various data stores. For example, I have a
>>>>> few python paragraphs setup to query an external MySQL DB using
>>>>> python's mysql.connector package. In order to establish the connection, I
>>>>> have to add the DB username/password as arguments in my paragraph, which is
>>>>> probably not the most secure approach.
>>>>>
>>>>> I'm wondering if there is a way to store these credentials somewhere
>>>>> else (not in clear text in my notebook), so they can be referenced via the
>>>>> notebook paragraphs in a more secure way? Or better yet, is there another
>>>>> way to solve this issue that I may be missing?
>>>>>
>>>>> Thank you for all of the help.
>>>>>
>>>>> Adam
>>>>>
>>>>
>>>
>>
Re: Managing credentials question
Posted by moon soo Lee <mo...@apache.org>.
Sounds like a plan!
On Mon, Sep 25, 2017 at 11:33 AM Herval Freire <hf...@twitter.com> wrote:
> I started something on that direction here, for internal use:
> https://github.com/herval/zeppelin/tree/encrypt-credentials
>
> If that's the kind of thing that may interest everyone else, I can get a
> PR going
>
> h
>
> On Mon, Sep 25, 2017 at 7:07 AM, Adam Iezzi <ad...@gmail.com> wrote:
>
>> Yes, encrypting and storing the credentials would be ideal. Essentially,
>> I'm looking for some sort of secrets store which can be accessed via the
>> Zeppelin paragraphs.
>>
>> Adam
>>
>> On Sun, Sep 24, 2017 at 6:30 AM, moon soo Lee <mo...@apache.org> wrote:
>>
>>> Hi,
>>>
>>> "Credential" menu provides closest feature I think.
>>>
>>> Through "Credential" menu, each user can pass user-specific credential
>>> informations to Interpreters. And interpreter can retrieve those
>>> informations and use it internally. Also interpreter exposes API to user,
>>> so user can access those informations in Python, Scala, etc.
>>>
>>> Current limitation is, credential menu store it's information in memory
>>> only or in file without encryption.
>>>
>>> If "Credential" menu store credential in a file with encryption, does
>>> this solve your problem?
>>>
>>> Thanks,
>>> moon
>>>
>>> On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <ad...@gmail.com> wrote:
>>>
>>>> I'm trying to figure out the best way (and most secure) to use
>>>> user-specific credentials for various data stores. For example, I have a
>>>> few python paragraphs setup to query an external MySQL DB using
>>>> python's mysql.connector package. In order to establish the connection, I
>>>> have to add the DB username/password as arguments in my paragraph, which is
>>>> probably not the most secure approach.
>>>>
>>>> I'm wondering if there is a way to store these credentials somewhere
>>>> else (not in clear text in my notebook), so they can be referenced via the
>>>> notebook paragraphs in a more secure way? Or better yet, is there another
>>>> way to solve this issue that I may be missing?
>>>>
>>>> Thank you for all of the help.
>>>>
>>>> Adam
>>>>
>>>
>>
>
Re: Managing credentials question
Posted by Herval Freire <hf...@twitter.com>.
I started something on that direction here, for internal use:
https://github.com/herval/zeppelin/tree/encrypt-credentials
If that's the kind of thing that may interest everyone else, I can get a PR
going
h
On Mon, Sep 25, 2017 at 7:07 AM, Adam Iezzi <ad...@gmail.com> wrote:
> Yes, encrypting and storing the credentials would be ideal. Essentially,
> I'm looking for some sort of secrets store which can be accessed via the
> Zeppelin paragraphs.
>
> Adam
>
> On Sun, Sep 24, 2017 at 6:30 AM, moon soo Lee <mo...@apache.org> wrote:
>
>> Hi,
>>
>> "Credential" menu provides closest feature I think.
>>
>> Through "Credential" menu, each user can pass user-specific credential
>> informations to Interpreters. And interpreter can retrieve those
>> informations and use it internally. Also interpreter exposes API to user,
>> so user can access those informations in Python, Scala, etc.
>>
>> Current limitation is, credential menu store it's information in memory
>> only or in file without encryption.
>>
>> If "Credential" menu store credential in a file with encryption, does
>> this solve your problem?
>>
>> Thanks,
>> moon
>>
>> On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <ad...@gmail.com> wrote:
>>
>>> I'm trying to figure out the best way (and most secure) to use
>>> user-specific credentials for various data stores. For example, I have a
>>> few python paragraphs setup to query an external MySQL DB using
>>> python's mysql.connector package. In order to establish the connection, I
>>> have to add the DB username/password as arguments in my paragraph, which is
>>> probably not the most secure approach.
>>>
>>> I'm wondering if there is a way to store these credentials somewhere
>>> else (not in clear text in my notebook), so they can be referenced via the
>>> notebook paragraphs in a more secure way? Or better yet, is there another
>>> way to solve this issue that I may be missing?
>>>
>>> Thank you for all of the help.
>>>
>>> Adam
>>>
>>
>
Re: Managing credentials question
Posted by Adam Iezzi <ad...@gmail.com>.
Yes, encrypting and storing the credentials would be ideal. Essentially,
I'm looking for some sort of secrets store which can be accessed via the
Zeppelin paragraphs.
Adam
On Sun, Sep 24, 2017 at 6:30 AM, moon soo Lee <mo...@apache.org> wrote:
> Hi,
>
> "Credential" menu provides closest feature I think.
>
> Through "Credential" menu, each user can pass user-specific credential
> informations to Interpreters. And interpreter can retrieve those
> informations and use it internally. Also interpreter exposes API to user,
> so user can access those informations in Python, Scala, etc.
>
> Current limitation is, credential menu store it's information in memory
> only or in file without encryption.
>
> If "Credential" menu store credential in a file with encryption, does this
> solve your problem?
>
> Thanks,
> moon
>
> On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <ad...@gmail.com> wrote:
>
>> I'm trying to figure out the best way (and most secure) to use
>> user-specific credentials for various data stores. For example, I have a
>> few python paragraphs setup to query an external MySQL DB using
>> python's mysql.connector package. In order to establish the connection, I
>> have to add the DB username/password as arguments in my paragraph, which is
>> probably not the most secure approach.
>>
>> I'm wondering if there is a way to store these credentials somewhere else
>> (not in clear text in my notebook), so they can be referenced via the
>> notebook paragraphs in a more secure way? Or better yet, is there another
>> way to solve this issue that I may be missing?
>>
>> Thank you for all of the help.
>>
>> Adam
>>
>
Re: Managing credentials question
Posted by moon soo Lee <mo...@apache.org>.
Hi,
"Credential" menu provides closest feature I think.
Through "Credential" menu, each user can pass user-specific credential
informations to Interpreters. And interpreter can retrieve those
informations and use it internally. Also interpreter exposes API to user,
so user can access those informations in Python, Scala, etc.
Current limitation is, credential menu store it's information in memory
only or in file without encryption.
If "Credential" menu store credential in a file with encryption, does this
solve your problem?
Thanks,
moon
On Wed, Sep 20, 2017 at 4:06 PM Adam Iezzi <ad...@gmail.com> wrote:
> I'm trying to figure out the best way (and most secure) to use
> user-specific credentials for various data stores. For example, I have a
> few python paragraphs setup to query an external MySQL DB using
> python's mysql.connector package. In order to establish the connection, I
> have to add the DB username/password as arguments in my paragraph, which is
> probably not the most secure approach.
>
> I'm wondering if there is a way to store these credentials somewhere else
> (not in clear text in my notebook), so they can be referenced via the
> notebook paragraphs in a more secure way? Or better yet, is there another
> way to solve this issue that I may be missing?
>
> Thank you for all of the help.
>
> Adam
>