Ivan Berry Posted May 17 Posted May 17 What is the best way to manage secrets for APIs or Storage that we are using in Seeq Datalab?
Ivan Berry Posted May 17 Author Posted May 17 These are two options I have used: Use a .env file, don't give many people access to the datalab project (don't use the corporate folder) Advantage is that you can use github and share notebooks manually, no secrets stored in notebooks Disadvantage is that nobody else can see or use the project unless you want them to have the secrets. (and seeq admins) Misuse the seeq "AccessKeys" API- Create a new seeq access key with the API secret in the name or description of the key (the seeq access key isn't needed) Advantage is that secrets would only be available and viewable to individual user (and seeq admins) Disadvantage is that it is using something in a non-standard way, which means it might stop working after an upgrade. I think the .env is really the only way to go for now?
Seeq Team Solution Alberto Rivas Posted May 17 Seeq Team Solution Posted May 17 Hi Ivan, What is the intent here? For example, do you want other users to only execute the code without making any changes to the notebook or potentially not even seeing the code (and the secrets)? or are you expecting other users to take your notebook as a starting point and make their changes? If it's the former, we are in the process of preparing documentation to provide some guidance. More to come on this in a few weeks. If it's the latter, the typical approach is what you describe with a `.env` file. As you mentioned, you don't store any secrets in the notebook but expect other users to create their own `.env` file with their own credentials. Typically, you can also commit an example `env` file to the repo to show what is expected in the file.
Ivan Berry Posted May 17 Author Posted May 17 I really like the idea putting nearly everything on the corporate drive (in an organized fashion), it means that if I leave the company or move to a new responsibility, I'm not taking all the things I built with me in my personal drive. The intent would be that this can be done without sharing the secret with everyone that has access to the notebook. I look forward to the documentation you are coming up with, it sounds close to what I am trying to do. Thanks!
Seeq Team Alberto Rivas Posted June 25 Seeq Team Posted June 25 To clarify, if a Seeq user needs to be removed, Seeq will force you to enter a new user who will take over ownership of the items owned by the user you want to remove. On the topic of restricting access to secrets and other sensitive information. We recently put together this page with some guidance on that topic. It would be great to hear your comments about it. 1
Ivan Berry Posted July 28 Author Posted July 28 Thankyou the access level table and the clear example are very helpful to understand who will be able to access it.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now