Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This page is for data modellers who need to provide securely-stored credentials to access data via HTTP.

Overview

When importing data via HTTP, you sometimes need to provide authentication to an external site.

You can do this by storing the username and password

  • as plain text the HTTP datasource instance. This is not secure.
  • encrypted within a PhixFlow local secret as 2 key-value pairs, as described below.
  • encrypted within a keystore, where the key is generated by PhixFlow and the same key+value is stored in the keystore.


Store Authentication in Plain Text


This method stores a username and password in plain text in the PhixFlow database.

Step 1: Store the credentials:

  1. Open a HTTP datasource properties
  2. in the HTTP Datasource Instances section add a new instance
  3. In the instance, enter the details for the Name, Username and Password properties
  4. Save the properties.

Step 2: Use the credentials:

In an analysis models, the HTTP datasource must have a HTTP collector or HTTP exporter connected to it. Expressions within the HTTP collector and exporter can use the following variables to reference the username and password.

PropertiesVariable
Username %USERNAME%
Password%PASSWORD%.



Store Authentication Encrypted in PhixFlow

To store a username and password encrypted in PhixFlow, configure a key/value pair using the secret key.

  1. In a HTTP Datasource properties → Secret Key Details, create a secret key.
  2. In the Secret field, click  Add New to create a new Local Secret item.
  3. In the local secret → Secret field, add the value, which PhixFlow stores encrypted.

You can use the secret key name to refer to the encrypted value in:

  • HTTP collectors and exporters → URL Expression or Statement Expression fields in
  • HTTP Headers Properties → Basic Settings → Value.

by specifying ${_datasource.key}  where key is the Name of the secret key.                                                                                                                                                         

When you run analysis, PhixFlow uses the secret key Name to find the key, which finds the encrypted secret. It then provides the de-encrypted value to authenticate to the external site.

To create a key/value pair, in an HTTP datasource properties → Secret Key Details section, click  Add New to create a new secret key.

Property Pane Toolbar

For information about the toolbar options, see the Common Properties page, Toolbars and Controls section.

Secret Key  Properties Tab

Parent Details

If this item is within or belongs to another, its parent name is shown here. See the Parent Details section on the Common Properties page for more details.

Basic Settings

FieldDescription
NameEnter a name.   Apply the properties. Use this name in expressions to refer to this key using ${_datasource.key} .
KeyRead-only. When you save the secret key, PhixFlow automatically generates a unique key in this field.
Enabled

  Tick to indicate you have completed configuring the secret key and associated local secret value, and it is ready to use. The local secret value may be null.

 Untick means a reference to this secret key in an expression will fail.

Secret

Click  Add New to create a local secret item, where you can enter the value, such as a password, that is paired with this secret key; see Local Secret Properties, below.

When you save the local secret, PhixFlow displays asterisks here to show that the secret value has been encrypted.

To edit a secret value, click  Edit.
To delete a secret value, click  Delete.

If you don't define a secret, PhixFlow will look for secret in its own secret service or in the keystore.

Description

We recommend that you always enter a description to explain the purpose of this item.

 Audit Tab

Audit Summary

See the Common Properties page, Audit Summary section.

Local Secret  Properties Tab 

FieldDescription
KeyRead only. The same automatically-generated key in the secret key paired with this local secret.
Secret

Enter the value that you want to encrypt, such as a password. To switch between displaying or hiding the value, click  Show/Hide Password.

PhixFlow encrypts the value when storing it in the database, but when it is required to authenticate to an external site, PhixFlow supplies the unencrypted string. 

 Audit Tab

Audit Summary

See the Common Properties page, Audit Summary section.

The name is what you refer to in an expression. Internally tables

You can have key without a secret

GUI presents it as a name a flag and a secret.

in the properties Name - key, secret

Store Authentication Encrypted in the Keystore

todo-fiona

Define a local key secret and enter keynames

Internal IDs

If you dont put in a local secret

it will look in the keystore

If you have configured a Java keystore Configure a Keystore and Aliases and Adding Data to a Keystore  you can use this to store secure credentials instead of using a Local Secret. 

If you want to you can use a keystore.

32 digits.password key

32 digits = datasource

Datasource and HTTP Datasource modelling objects have properties → Advanced → Internal ID.

This is a read-only field that provides the database identifier for the datasource. 

You can supply a key-value pair to the keystore. However, the username and password key or value requires the datasource ID.

EG. Datasource needs a username XYZ and password ABC 

Key datasource1-username - internalIDXYZ

Key datasource1-pw - internalIABC

Why its there is to help with debugging complex issues as requested by support...

Datasource 

  1. Store the username key-value pair in the keystore.
  2. Store the password key-value pair in the keystore.
  3. To reference them, in the expressions, use ${_datasource.key}  where key is the key

Sections on this page

Learn More

For links to all pages in this topic, see Analysis Models for Batch Processing Data.


Terminology changes in progress

As part of the redesign of PhixFlow, we are changing the following terms:

dashboard → screen   
stream → table
stream attributes → attributes
stream item → record
stream set → recordset
stream view → view
stream item action → record-action 
stream action → table-action
driver class → database driver

  • No labels