Private data storage
To safely store keys, passwords, and other private information, DataSphere provides a special type of resource called secrets.
A secret is a key-value pair with the value stored in an encrypted format. After you create a secret, you will see ***
instead of the value.
Secrets are created in a project and assigned to it. You can use created secrets in a cell code as environment variables to securely connect to data sources and version control systems; you can also use secrets to store keys required to create other resources, such as S3 connectors.
You cannot modify a secret created in a different project, but you can modify its copy.
A copied secret is not bound to the original: you can edit and delete the former without affecting the latter.
Tip
The advantage of secrets is that their values are stored and transferred in encrypted form only and cannot be used when publishing the code and in project logs. Do not output the value of a secret to the screen or assign it to a regular variable.
Information about a secret as a resource
The following information is stored about each secret:
- Unique resource ID.
- Resource creator.
- Creation and last update dates in UTC
format, e.g.,July 18, 2022, 14:23
.
The secret page also contains sample bash and Python code for running the resource in a project cell.
Scope of secrets
Once created, a secret is available for a project. Like any other resource, you can share the secret in the community to use it in other projects. To do this, you need at least the Editor
role in the project and the Developer
role in the community in which you want to publish it. You can open the access on the Access tab on the secret view page. The secret available to the community will appear on the community page under Community resources.