Versions Compared

Version Old Version 13 New Version Current
Changes made by

Fiona Sargeant

Zoe Baldwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Insert excerpt
_Banners
_Banners
nameanalysis
nopaneltrue

This page is for data modellers who need to provide securely-stored credentials to access data via HTTP.

typepage

Overview

When importing data via HTTP, you sometimes need to provide authentication to an external site.

You can do this by storing the username and password

  • as plain text the HTTP datasource instance. This is not secure.
  • encrypted within a PhixFlow local secret as 2 key-value pairs, as described below.
  • encrypted within a keystore, where the key is generated by PhixFlow and the same key+value is stored in the keystore.

Store Authentication in Plain Text

Warning

This method stores a username and password in plain text in the PhixFlow database.

Step 1: Store the credentials:

  1. Open a HTTP datasource properties
  2. in the HTTP Datasource Instances section add a new instance
  3. In the instance, enter the details for the Name, Username and Password properties
  4. Save the properties.

Step 2: Use the credentials:

In an analysis models, the HTTP datasource must have a HTTP collector or HTTP exporter connected to it. Expressions within the HTTP collector and exporter can use the following variables to reference the username and password.

PropertiesVariableUsername %USERNAME%Password%PASSWORD%.

Store Authentication Encrypted in PhixFlow

To store a username and password encrypted in PhixFlow, configure a key/value pair using the secret key.

  • In a HTTP Datasource properties → Secret Key Details, create a secret key.
    • In the Secret field, click Insert excerpt_add_addnopaneltrue to create a new Local Secret item.
  • In the local secret → Secret field, add the value, which PhixFlow stores encrypted.

    • You can use the secret key name to refer to the encrypted value in:

    • HTTP collectors and exporters → URL Expression or Statement Expression fields in
    • HTTP Headers Properties → Basic Settings → Value.

    by specifying ${_datasource.key}  where key is the Name of the secret key.                                                                                                                                                         

    When you run analysis, PhixFlow uses the secret key Name to find the key, which finds the encrypted secret. It then provides the de-encrypted value to authenticate to the external site.

    To create a key/value pair, in an HTTP datasource properties → Secret Key Details section, click  Insert excerpt_add_addnopaneltrue to create a new secret keyThere are several options for how to store and then reference the username and password; see Authenticating for an API. One option is to use the Secret Key section to create a key associated with the username or password, which is encrypted and stored in the PhixFlow database.

    For Private Secret Keys, see Private Secrets.

    Insert excerpt
    _property_toolbar
    _property_toolbar
    nopaneltrue

    Secret

    Key 

    Key

    Insert excerpt
    _property_tabs
    _property_tabs
    namebasic-h
    nopaneltrue

    Insert excerpt
    _parent
    _parent
    nopaneltrue

    Basic Settings

    FieldDescription
    Name
    Enter a name.  
    Insert excerpt
    _save
    _save
    nopaneltrue
     the properties. Use this name in expressions to refer to this key using ${_datasource.key} .
    Key

    Read-only. When you save the secret key, PhixFlow automatically generates a unique key in this field. The key is a combination of the Name and the internal ID of the HTTP datasource.

    Note

    This key remains the same if you change the name of the secret key. 


    Enabled

     

    Insert excerpt
    _check_box_tick
    _check_box_tick
    nopaneltrue
     to indicate you have completed configuring the secret key and associated local secret value, and it is ready to use. The local secret value may be null.

    Insert excerpt
    _check_box_untick
    _check_box_untick
    nopaneltrue
     means a reference to this secret key in an expression will fail.

    Secret

    Click 

    Insert excerpt
    _add
    _add
    nopaneltrue
     to create a local secret item, where you can enter the value, such as a password, that is paired with this secret key; see Local Secret Properties, below.

    When you save the local secret, PhixFlow displays asterisks here to show that the secret value has been encrypted.

    To edit a secret value, click 

    Insert excerpt
    _edit
    _edit
    nopaneltrue
    .
    To delete a secret value, click 
    Insert excerpt
    _delete
    _delete
    nopaneltrue
    .

    If you don't define a secret, PhixFlow will look for secret in its own secret service or in the keystore.

  • Configure a Keystore and Aliases

    • You can save the secret key without adding a secret. In this case, you must add the secret key and a value to the keystore; see Authenticating for an API and Adding Data to a Keystore.

    Insert excerpt
    _description
    _description
    nopaneltrue

    Insert excerpt
    _audit
    _audit
    nopaneltrue

    Local Secret 
    Anchor
    value
    value

    Insert excerpt
    _property_tabs
    _property_tabs
    namebasic-h
    nopaneltrue
     

    Anchorvaluevalue

    Basic Settings

    FieldDescription
    Key
    Read only. The same automatically-generated key in the secret key paired with this local secret.
    Secret

    Enter the value that you want to encrypt, such as a password. To switch between displaying or hiding the value, click 

    Insert excerpt
    _password_view
    _password_view
    nopaneltrue
    .

    PhixFlow encrypts the value when storing it in the database, but when it is required to authenticate to an external site, PhixFlow supplies the unencrypted string. 

    Insert excerpt
    _audit
    _audit
    nopaneltrue

    The name is what you refer to in an expression. Internally tables

    You can have key without a secret

    GUI presents it as a name a flag and a secret.

    in the properties Name - key, secret

    Store Authentication Encrypted in the Keystore

    todo-fiona

    Define a local key secret and enter keynames

    Internal IDs

    If you dont put in a local secret

    it will look in the keystore

    If you have configured a Java keystore Configure a Keystore and Aliases and Adding Data to a Keystore  you can use this to store secure credentials instead of using a Local Secret. 

    If you want to you can use a keystore.

    32 digits.password key

    32 digits = datasource

    Datasource and HTTP Datasource modelling objects have properties → Advanced → Internal ID.

    This is a read-only field that provides the database identifier for the datasource. 

    You can supply a key-value pair to the keystore. However, the username and password key or value requires the datasource ID.

    EG. Datasource needs a username XYZ and password ABC 

    Key datasource1-username - internalIDXYZ

    Key datasource1-pw - internalIABC

    Why its there is to help with debugging complex issues as requested by support...

    Datasource 

    1. Store the username key-value pair in the keystore.
    2. Store the password key-value pair in the keystore.
    3. To reference them, in the expressions, use ${_datasource.key}  where key is the key
    Live SearchspaceKey@selfadditionalnoneplaceholderSearch all help pages

    External Secret (Keystore)

    Secret values such as passwords can be held in the Java Keystore used as part of your PhixFlow installation. This enables a single instance of the secret to exist outside off PhixFlow.

    Setup

    1. In PhixFlow, open the Properties of the HTTP of Database Datasource where the secret value will be used.
    2. In the Advanced section, record the 32 character Internal ID.
    3. Create an entry on the server Keystore with the naming convention datasourceInternalID.KeyName. Where the KeyName should be unique from any other secret name used in PhixFlow.


      1. Info
        titleExample

        b813b1bc5554e1259cc8cbd1087ca4ab.password


    4. The Datasource can now reference the secret using the syntax, _datasource.KeyName


      1. Info

        _datasource.


    5. PhixFlow will now use the Keystore value secret.
      1. Note, PhixFlow checks for a local secret with the KeyName first and if one exists it will be used. If one is not found PhixFlow checks the keystore for the value and uses it where found. All names are case-sensitive.

    Using a Secret

    For HTTP objects connected to the HTTP datasource, and HTTP Action nodes you can reference a secret key in:

    • HTTP Collectors and HTTP Exporters → URL Expression or Statement Expression 
    • HTTP Headers Properties → Basic Settings → Value.
    • HTTP Action → Headers

    Insert excerpt
    Authenticating for an API
    Authenticating for an API
    nopaneltrue


    Panel
    borderColor#00374F
    titleColorwhite
    titleBGColor#00374F
    borderStylesolid
    titleSections on this page

    Table of Contents
    maxLevel3
    indent12px
    stylenone

    Learn More

    For links to all pages in this topic, see Analysis Models for Batch Processing Data.

    Insert excerpt_terms_changing_terms_changingnopaneltrue