Credentials Management

Created: November 25, 2022, Updated: September 14, 2023

Vault provides you a with way to store sensitive data in your Bizzflow configuration securely.

If you find yourself in a situation when you would want to put your credentials or secrets into a Bizzflow configuration file (such as extractor database password or API token for a writer), you should use Vault to store them and point to them in your configuration.

You will find the vault in Flow UI.

Flow UI Vault

Basic usage

You can switch between credential types using the tabs at the top of the Vault page. After selecting a credential you will see a dialog. If the credential type is visible, you will see your credentials in plain text, otherwise you won’t see its value, but you can type in a new value and update it in the store.

With the ➕ Create new... button, you can create a new credential in the vault.

Flow UI Vault add credentials
Adding new credentials

Using credentials in configuration

If you need to include a secret value in your configuration, refer to your vault entry using its id with #!#: prefix. Add my-password credential to the vault with value this-is-my-password and place it in your configuration instead of your actual secret, such as this:

  // ❌ This is wrong:
  "password": "this-is-my-password",

  // ✅ This is correct:
  "password": "#!#:my-password"

Or in YAML:

# ❌ This is wrong:
password: "this-is-my-password"

# ✅ This is correct:
password: "#!#:my-password"

Bizzflow will automatically replace the link with the secret value when needed.

Credential types

  • Project credentials
    • Credentials you create and may use within your Bizzflow configuration files.
  • Sandbox & Datamarts
  • Special Credentials
    • Credentials Bizzflow needs for its internal use. Do not tamper with them, you may break your Bizzflow deployment.

Visible credentials

Credentials listed in Sandbox & Datamarts section are visible. Datamart credentials (starting with dm_) are visible in plain text for all users. Sandbox credentials (starting with dev_) are only visible in plain text for users they belong to. Keep that in mind when adding users to your project.