This page is for data modellers who need to provide securely-stored credentials to access data via HTTP.

Overview

When importing data via HTTP, you sometimes need to provide authentication to an external site.

You can do this by storing the username and password

• as plain text the HTTP datasource instance. This is not secure.
• encrypted within a PhixFlow local secret as 2 key-value pairs, as described below.
• encrypted within a keystore, where the key is generated by PhixFlow and the same key+value is stored in the keystore.

Store Authentication in Plain Text

Step 1: Store the credentials:

1. Open a HTTP datasource properties
2. in the HTTP Datasource Instances section add a new instance
3. In the instance, enter the details for the Name, Username and Password properties
4. Save the properties.

Step 2: Use the credentials:

In an analysis models, the HTTP datasource must have a HTTP collector or HTTP exporter connected to it. Expressions within the HTTP collector and exporter can use the following variables to reference the username and password.

Store Authentication Encrypted in PhixFlow

To store a username and /or password securelyencrypted in PhixFlow, configure a key/value pair using the secret key.  

1. In a HTTP Datasource properties → Secret Key Details, create a secret key.
2. In the Secret field, click

   Insert excerpt
   _add _add nopanel true

    to create a new Local Secret item.
3. In the local secret → Secret field, add the value, which PhixFlow stores encrypted.

You can use the secret key name to refer to the encrypted value in:

• HTTP collectors and exporters → URL Expression or Statement Expression fields in
• HTTP Headers Properties → Basic Settings → Value.

by specifying ${_datasource.key}  where key is the Name of the secret key.                                                                                                                                                         

When you run analysis, PhixFlow uses the secret key Name to find the key, which finds the encrypted secret. It then provides the de-encrypted value to authenticate to the external site.

To create a key/value pair, in an HTTP datasource properties → Secret Key Details section, click 

Secret Key 

Insert excerpt
_property_tabs _property_tabs name basic-h nopanel true

Basic Settings

Local Secret 

Insert excerpt
_property_tabs _property_tabs name basic-h nopanel true

 

Anchor
value value

The name is what you refer to in an expression. Internally tables

You can have key without a secret

GUI presents it as a name a flag and a secret.

in the properties Name - key, secret

Store Authentication Encrypted in the Keystore

todo-fiona

Define a local key secret and enter keynames

Internal IDs

If you dont put in a local secret

it will look in the keystore

If you have configured a Java keystore Configure a Keystore and Aliases and Adding Data to a Keystore  you can use this to store secure credentials instead of using a Local Secret. 

If you want to you can use a keystore.

32 digits.password key

32 digits = datasource

Datasource and HTTP Datasource modelling objects have properties → Advanced → Internal ID.

This is a read-only field that provides the database identifier for the datasource. 

You can supply a key-value pair to the keystore. However, the username and password key or value requires the datasource ID.

EG. Datasource needs a username XYZ and password ABC 

Key datasource1-username - internalIDXYZ

Key datasource1-pw - internalIABC

Why its there is to help with debugging complex issues as requested by support...

Datasource 

1. Store the username key-value pair in the keystore.
2. Store the password key-value pair in the keystore.
3. To reference them, in the expressions, use ${_datasource.key}  where key is the key.