kino_db icon indicating copy to clipboard operation
kino_db copied to clipboard
verified publisher icon livebook-dev

Use Secrets for sensitive data inside GoogleBigQuery connection config

Open hugobarauna opened this issue 3 years ago • 2 comments

When we drag and drop the JSON credentials file to the Google BigQuery connection config, the Smart Cell generates code that contains sensitive data, like the private_key and private_key_id.

Now that we have the Secrets feature, we could use that feature somehow instead of saving sensitive data inside the notebook.

What do you think?

hugobarauna avatar Oct 18 '22 18:10 hugobarauna

I've been thinking about this and storing the JSON itself inside a secret could work (detecting that's a JSON, and decoding after the System.fetch_env!/1). @josevalim WDYT?

aleDsz avatar Oct 19 '22 00:10 aleDsz

We would have to support secret uploads in the secret modal. Perhaps via a configuration parameter set when the modal is open by Kino. Then the file is uploaded and its contents stored in the env var.

/cc @cristineguadelupe

josevalim avatar Oct 19 '22 06:10 josevalim