Storing Secrets for Scripts: Difference between revisions

From QPR ProcessAnalyzer Wiki
Jump to navigation Jump to search
m (Ollvihe moved page Storing Secrets and Password in Scripts to Storing Secrets for Scripts without leaving a redirect)
No edit summary
Line 1: Line 1:
Secure strings provide a way to store passwords and other confidential information in QPR ProcessAnalyzer in a way that the information can be used without users seeing the original plaintext. For example in ETL scripts, SAP, Salesforce and ODBC passwords can be stored as secure strings, which can then be referred by their names in the ETL script commands.
Secrets provide a way to store passwords and other confidential data in QPR ProcessAnalyzer, so that it can be used without users seeing the original plaintext. For example in ETL scripts, SAP, Salesforce and ODBC passwords can be stored as secrets, which can be referred by their names in the ETL script commands.


When the secure strings are stored, the purpose (called type of the secure string) of the secure string is also defined. Following types are available: ''Odbc connection strings'', ''SAP passwords'' and ''Salesforce passwords''. For example, if a secure string type is ''SAP password'', it cannot be used as an ODBC connection string.
When the secure strings are stored, the purpose (called type of the secure string) of the secure string is also defined. Following types are available: ''Odbc connection strings'', ''SAP passwords'' and ''Salesforce passwords''. For example, if a secure string type is ''SAP password'', it cannot be used as an ODBC connection string.
Line 7: Line 7:
Note: Currently [[SQL Scripting Commands#--.23ImportSqlQuery|ImportSqlQuery]] and [[SQL Scripting Commands#--.23ImportOleDbQuery|ImportOleDbQuery]] don't yet support defining password as a secure string.
Note: Currently [[SQL Scripting Commands#--.23ImportSqlQuery|ImportSqlQuery]] and [[SQL Scripting Commands#--.23ImportOleDbQuery|ImportOleDbQuery]] don't yet support defining password as a secure string.


== Storing Secure Strings ==
== Using Secrets ==
 
Secrets can be used in the following commands:
Secure strings are stored in the QPR ProcessAnalyzer database in the '''PA_KEY_VALUE_STORE''' table. The database administrator can store new secure strings by following the instructions below.
* [[SQL Scripting Commands|SQL scripting commands]]: ImportOdbcQuery, ImportSalesforceQuery and ImportSapQuery.
 
* [[QPR_ProcessAnalyzer_Model_Datasources#Loading_Data_from_ODBC_Datasource|ODBC datasources of model]].
The PA_KEY_VALUE_STORE table has the following columns:
* [[DataFrame_in_Expression_Language#ImportOdbcSecure|ImportODBCSecure]] function (expression language)
* '''KVS_ID''': Row id. Leave empty as its filled automatically.
* '''KVS_TYPE''': Type of the secure string to determine its purpose. Available values are:
** '''1''': ODBC connection string. Can be used in the [[DataFrame_in_Expression_Language#ImportOdbcSecure|ImportODBCSecure]] function and [[SQL Scripting Commands#--.23ImportOdbcQuery|ImportOdbcQuery]] command.
** '''2''': SAP password. Can be used in the [[SQL Scripting Commands#--.23ImportSapQuery|ImportSapQuery]] command.
** '''3''': Salesforce password. Can be used in the [[SQL Scripting Commands#--.23ImportSalesforceQuery|ImportSalesforceQuery]] command.
* '''KVS_PROJECT_ID''': Id of the project, to which the secure string is stored. Project id's can be seen in the model properties.
* '''KVS_KEY''': Key (name) of the secure string. Use a descriptive key name. Note that there cannot be any duplicates within the same project id.
* '''KVS_VALUE''': The actual secured data, which is typically a password or a connection string.
 
== Using Secure Strings ==
 
Secure strings can be used in the following locations:
* In the following [[SQL Scripting Commands|scripting commands]]: ImportOdbcQuery, ImportSalesforceQuery and ImportSapQuery.
* In the [[QPR_ProcessAnalyzer_Model_Datasources#Loading_Data_from_ODBC_Datasource|ODBC datasources of model]].
* In the [[DataFrame_in_Expression_Language#ImportOdbcSecure|ImportODBCSecure]] function (expression language)
 
[[Category: QPR ProcessAnalyzer]]

Revision as of 11:51, 18 January 2024

Secrets provide a way to store passwords and other confidential data in QPR ProcessAnalyzer, so that it can be used without users seeing the original plaintext. For example in ETL scripts, SAP, Salesforce and ODBC passwords can be stored as secrets, which can be referred by their names in the ETL script commands.

When the secure strings are stored, the purpose (called type of the secure string) of the secure string is also defined. Following types are available: Odbc connection strings, SAP passwords and Salesforce passwords. For example, if a secure string type is SAP password, it cannot be used as an ODBC connection string.

Secure strings are project specific, so their permissions come from the project. To use a secure string, the user needs to have at least GenericRead permission to the project.

Note: Currently ImportSqlQuery and ImportOleDbQuery don't yet support defining password as a secure string.

Using Secrets

Secrets can be used in the following commands: