Storing Secrets for Scripts: Difference between revisions
No edit summary |
|||
| Line 3: | Line 3: | ||
Each secret has a type which defines in which command the secret can be used. The purpose of the type is to improve security, so that the secret can only be used in the intended command. | Each secret has a type which defines in which command the secret can be used. The purpose of the type is to improve security, so that the secret can only be used in the intended command. | ||
There are project-specific and global secrets. To use a secret, the user needs to have ''GenericRead'' permission to the project (or global ''GenericRead'' to use the global secrets). To define a secret, the ''ManageProject'' permission to the project is needed (or global ''ManageProject'' to define the global secrets). | |||
== Setting secrets == | == Setting secrets == | ||
Secrets can be set by calling the [[QPR_ProcessAnalyzer_Objects_in_Expression_Language#SetSecret|SetSecret]] function for Project entity. There is | Secrets can be set by calling the [[QPR_ProcessAnalyzer_Objects_in_Expression_Language#SetSecret|SetSecret]] function for Project entity, or the corresponding generic context SetSecret function. | ||
There is a property [[QPR_ProcessAnalyzer_Objects_in_Expression_Language#Project|Secrets]] for projects to list all secrets in the project. For the global secrets, there is the corresponding global Secrets property. Note that the secret value cannot be retrieved even by system administrators. | |||
== Using secrets == | == Using secrets == | ||
Revision as of 09:04, 27 March 2025
Secrets provide method to store passwords and other confidential data in QPR ProcessAnalyzer, so that they can be used without users being able to see the original plaintext. For example in ETL scripts, SAP, Salesforce and ODBC passwords can be stored as secrets, which can be referred by their names in the ETL script commands.
Each secret has a type which defines in which command the secret can be used. The purpose of the type is to improve security, so that the secret can only be used in the intended command.
There are project-specific and global secrets. To use a secret, the user needs to have GenericRead permission to the project (or global GenericRead to use the global secrets). To define a secret, the ManageProject permission to the project is needed (or global ManageProject to define the global secrets).
Setting secrets
Secrets can be set by calling the SetSecret function for Project entity, or the corresponding generic context SetSecret function.
There is a property Secrets for projects to list all secrets in the project. For the global secrets, there is the corresponding global Secrets property. Note that the secret value cannot be retrieved even by system administrators.
Using secrets
Secrets can be used in the following commands:
- SQL scripting commands: ImportOdbcQuery, ImportSalesforceQuery and ImportSapQuery.
- ODBC datasources of model.
- ImportODBCSecure function (expression language)
- CreateSnowflakeConnection function (expression language)
Note: Currently ImportSqlQuery and ImportOleDbQuery don't yet support the secrets.