Secret Key and Local Secret

Overview

When importing data via HTTP, you sometimes need to provide authentication to an external site. There are several options for how to store and then reference the username and password; see Authenticating for an API. One option is to use the Secret Key section to create a key associated with the username or password, which is encrypted and stored in the PhixFlow database.

For Private Secret Keys, see Private Secrets.

Property Pane Toolbar

For information about the toolbar options, see the Common Properties page, Toolbars and Controls section.

Secret Key

 Properties Tab

Parent Details

If this item is within or belongs to another, its parent name is shown here. See the Parent Details section on the Common Properties page for more details.

Basic Settings

FieldDescription
Name
Enter a name.   Apply the properties. Use this name in expressions to refer to this key using ${_datasource.key} .
Key

Read-only. When you save the secret key, PhixFlow automatically generates a unique key in this field. The key is a combination of the Name and the internal ID of the HTTP datasource.

This key remains the same if you change the name of the secret key. 

Enabled

  Tick to indicate you have completed configuring the secret key and associated local secret value, and it is ready to use. The local secret value may be null.

 Untick means a reference to this secret key in an expression will fail.

Secret

Click  Add New to create a local secret item, where you can enter the value, such as a password, that is paired with this secret key; see Local Secret Properties, below.

When you save the local secret, PhixFlow displays asterisks here to show that the secret value has been encrypted.

To edit a secret value, click  Edit.
To delete a secret value, click  Delete.

You can save the secret key without adding a secret. In this case, you must add the secret key and a value to the keystore; see Authenticating for an API and Adding Data to a Keystore.

Description

We recommend that you always enter a description to explain the purpose of this item.

 Audit Tab

Audit Summary

See the Common Properties page, Audit Summary section.

Local Secret 

 Properties Tab 

Basic Settings

FieldDescription
Secret

Enter the value that you want to encrypt, such as a password. To switch between displaying or hiding the value, click  Show/Hide Password.

PhixFlow encrypts the value when storing it in the database, but when it is required to authenticate to an external site, PhixFlow supplies the unencrypted string. 

 Audit Tab

Audit Summary

See the Common Properties page, Audit Summary section.

External Secret (Keystore)

Secret values such as passwords can be held in the Java Keystore used as part of your PhixFlow installation. This enables a single instance of the secret to exist outside off PhixFlow.

Setup

  1. In PhixFlow, open the Properties of the HTTP of Database Datasource where the secret value will be used.
  2. In the Advanced section, record the 32 character Internal ID.
  3. Create an entry on the server Keystore with the naming convention datasourceInternalID.KeyName. Where the KeyName should be unique from any other secret name used in PhixFlow.
    1. Example

      b813b1bc5554e1259cc8cbd1087ca4ab.password

  4. The Datasource can now reference the secret using the syntax, _datasource.KeyName
    1. _datasource.

  5. PhixFlow will now use the Keystore value secret.
    1. Note, PhixFlow checks for a local secret with the KeyName first and if one exists it will be used. If one is not found PhixFlow checks the keystore for the value and uses it where found. All names are case-sensitive.

Using a Secret

For HTTP objects connected to the HTTP datasource, and HTTP Action nodes you can reference a secret key in:

  • HTTP Collectors and HTTP Exporters → URL Expression or Statement Expression 
  • HTTP Headers Properties → Basic Settings → Value.
  • HTTP Action → Headers

In an expression, specify 2 keys, one for the username and one for the password, using
    ${_datasource.key}  where key is the Name of the secret key.                                                                                            

When you run analysis, PhixFlow looks for the specified key:

  • first in the associated HTTP datasource
  • then in the keystore.

PhixFlow provides the de-encrypted value to authenticate to the external site.

It is possible to create and to use a key without adding the associated value to:

  • either the local secret
  • or the keystore

If you run analysis on a model containing an HTTP object that cannot find a value for a key, it will cause an error.