Using credentials inside Python processor

ONE DATA Core
1

Hi everyone,
is there a way to use credentials inside a python processor without providing them in clear text?
Some context: We want to connect to a sftp server using a python processor and then import data from there. For the connection we need to provide username + password. It works fine when providing it in clear text, but this seems not to be an optimal way.
Thanks!

1 Like
2

Hey Katharina,

What you are looking for are “exposed” keys. This means that the key information is not only visible and usable by ONE DATA internally, but can also be retrieved from external services via the corresponding authenticated API request.

When you create a key, there is a toggle to expose the key. You can also expose already existing keys, but for security reasons this is only possible for the original creator (owner) of the key.

There is an endpoint to retrieve the username/password of the credentials in clear text ( /keys/{keyId}/exposed). Note that the key needs to be exposed to retrieve it this way and that you need to have the correct access rights for it.

Exposed keys are also covered by the ONE DATA Python SDK.

Example code to login as a technical user with credentials from an exposed key 
from onedata.api import OneDataApi
from onedata.credentials.types import Credentials
 
onedata_base_url = "https://internal.onedata.de"
technical_user_credentials_id: uuid = "30b2d7d9-4027-41ad-b5d1-1c4ba98390f9"
technical_user_credentials: Credentials = onedata_api.credentials.get(technical_user_credentials_id)
 
onedata_api_technical_user = OneDataApi(base_url=onedata_base_url,
                                        username=technical_user_credentials.key_information.username,
                                        password=technical_user_credentials.key_information.password)

I hope this helps!

Cheers,
Tris

7 Likes
3

Hi Tris,

How do i initialize/ import “onedata_api” in

technical_user_credentials: Credentials = onedata_api.credentials.get(technical_user_credentials_id)

?

4

Hey Jonas,

there are multiple ways to do this.

For example, in Python Processors (in Workflows), you can use

from onedata.api import OneDataApi

onedata_api = OneDataApi.from_globals(globals())

and for OD Functions you can use

from onedata.api import OneDataApi

def handle(req):
    onedata_api = OneDataApi.from_request(req)

Hope this helps. More information and examples about authorization in the SDK as well as additional examples can be found in Docs.

Cheers,
Tristan

1 Like