Jump to content

Secret Mangement Best Practices


Go to solution Solved by Alberto Rivas,

Recommended Posts

Posted

These are two options I have used:

  • Use a .env file, don't give many people access to the datalab project (don't use the corporate folder)
    • Advantage is that you can use github and share notebooks manually, no secrets stored in notebooks
    • Disadvantage is that nobody else can see or use the project unless you want them to have the secrets. (and seeq admins)
  • Misuse the seeq "AccessKeys" API- Create a new seeq access key with the API secret in the name or description of the key (the seeq access key isn't needed)
    • Advantage is that secrets would only be available and viewable to individual user (and seeq admins)
    • Disadvantage is that it is using something in a non-standard way, which means it might stop working after an upgrade.

I think the .env is really the only way to go for now?

 

  • Seeq Team
  • Solution
Posted

Hi Ivan,
What is the intent here? For example, do you want other users to only execute the code without making any changes to the notebook or potentially not even seeing the code (and the secrets)? or are you expecting other users to take your notebook as a starting point and make their changes?

If it's the former, we are in the process of preparing documentation to provide some guidance. More to come on this in a few weeks.

If it's the latter, the typical approach is what you describe with a `.env` file. As you mentioned, you don't store any secrets in the notebook but expect other users to create their own `.env` file with their own credentials. Typically, you can also commit an example `env` file to the repo to show what is expected in the file. 
 

Posted

I really like the idea putting nearly everything on the corporate drive (in an organized fashion), it means that if I leave the company or move to a new responsibility, I'm not taking all the things I built with me in my personal drive. The intent would be that this can be done without sharing the secret with everyone that has access to the notebook.

I look forward to the documentation you are coming up with, it sounds close to what I am trying to do.

Thanks!

  • 1 month later...
  • Seeq Team
Posted

To clarify, if a Seeq user needs to be removed, Seeq will force you to enter a new user who will take over ownership of the items owned by the user you want to remove. 

On the topic of restricting access to secrets and other sensitive information. We recently put together this page with some guidance on that topic. It would be great to hear your comments about it.

  • Like 1
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...