Managing Secrets in the Browser in InfluxDB Cloud
By
Russ Savage /
Use Cases, Product, Developer
Aug 19, 2021
Navigate to:
Directly embedding passwords and API keys into the code you write is a bad practice. Of course, everyone knows this, but I’ll be the first to admit that it still happens now and then. In the world of source control and shared codebases, leaking a password can be a huge problem that costs your team time and money.
Of course, today many companies leverage a secrets management system to lower the probability of something like this happening.
InfluxDB Cloud ships with a built-in secrets management system powered by the industry-leading Vault secret store to provide every customer with a secure secret store. Users can store secrets, list their keys, and delete secrets using our fully documented API.
Now, that capability is available directly in the InfluxDB Cloud web interface so that you can quickly add or update secrets for your Flux scripts without having to work with the API.
Use cases for storing secrets
Users usually use InfluxDB Cloud secrets store for keeping track of sensitive connection information such as passwords, 3rd party API keys, and other security credentials when writing Flux scripts.
For example, suppose you need to bring data into InfluxDB Cloud that is stored in Snowflake. Flux has a sql.from function that allows you to connect to many popular SQL databases, including Snowflake. When doing so, you will need to provide credentials for that connection. Those credentials should be stored in the secrets store and fetched by the Flux script directly.
import "sql"
import "influxdata/influxdb/secrets"
username = secrets.get(key: "SNOWFLAKE_USER")
password = secrets.get(key: "SNOWFLAKE_PASS")
account = secrets.get(key: "SNOWFLAKE_ACCT")
sql.from(
driverName: "snowflake",
dataSourceName: "${username}:${password}@${account}/db/exampleschema?warehouse=wh",
query: "SELECT * FROM example_table"
)Examples for working with the Flux secrets package are available in our documentation.
Adding a new secret
To get to the secrets management page in your browser, simply log into your InfluxDB Cloud account and navigate to the setting page (the gearbox icon in the left navigation menu) and look for the “Secrets” tab. From there, adding a secret is as easy as clicking the “Add Secret” button.
Keep in mind that once a secret is created, it cannot be viewed or updated again. In order to change the value, you will need to delete and create a new secret. Any Flux scripts that were using that secret will need to be updated as well with the new secret key.
You can then leverage that secret in any Flux script or Task that runs on our InfluxDB Cloud platform.
Conclusion
One of the major goals of InfluxDB is to be secure by default, and we aim to give developers the right tools to ensure that the code they write and the applications they build on our platform can be secure as well.
As we move forward, we are looking for ways to make it easy to access these secret keys from anywhere you write Flux code in our platform.
If you have any questions or feedback, please join us on our Community Slack Workspace or on GitHub.
